Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser Agent Bridge CLI
v1.0.4
Use this skill when you need to control or make actions on the user's Chrome tab.
by Gregory Potemkin (@nmadeleidev)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The name/description (control a Chrome tab) aligns with the SKILL.md: it documents a bridge server, a Chrome extension, and an operator CLI for navigation, clicking, DOM snapshots, etc.
Instruction Scope
The instructions tell the agent to generate and use BRIDGE_SHARED_TOKEN and BRIDGE_OPERATOR_TOKEN, run a background server, install a CLI package, and ask a human to load an unpacked Chrome extension from a GitHub repo — all of which are necessary for the described capability but expand scope beyond a pure 'instruction-only' skill. The SKILL.md will cause the agent (or user) to fetch and run third-party code and to capture and transmit page DOM and UI events, which can reveal sensitive page content.
Install Mechanism
Although the registry lists no install spec, the SKILL.md instructs installing 'browser-agent-bridge' via pipx and loading an extension from a GitHub repo. That pulls unvetted code from external sources (PyPI and GitHub) and will execute it locally — this is a legitimate way to install the tool but increases risk if the packages/repo are untrusted.
Credentials
The registry metadata lists no required environment variables, yet the runtime instructions require BRIDGE_SHARED_TOKEN and BRIDGE_OPERATOR_TOKEN (and optional BRIDGE_AUTH_MODE). That mismatch is important: the skill needs secret tokens to operate but does not declare them in metadata for review. These tokens grant the operator full control of connected browser clients, so they are high-value secrets and should be explicitly declared and protected.
Persistence & Privilege
The skill is not marked 'always:true' and does not request system-wide config changes, but it enables remote control of a local browser. Because model invocation is allowed (default), an agent using this skill could autonomously start the bridge server and send commands if given the necessary tokens — consider requiring explicit user confirmation before performing actions that control the user's browser.
What to consider before installing
Before installing or running:
1) Verify the PyPI package and GitHub extension repository (review code, recent commits, maintainer reputation).
2) Treat BRIDGE_OPERATOR_TOKEN as a high-value secret — generate fresh, strong tokens and do not reuse them.
3) Only load the extension in a disposable browser profile (not your primary profile with sensitive logins).
4) Prefer running the bridge on an isolated machine or VM and inspect the package contents before running.
5) Do not grant the agent unattended/autonomous permission to start the server or control your browser without explicit, per-action approval.
6) If you lack the ability to audit the code, consider declining installation or running it in a tightly sandboxed environment.

Like a lobster shell, security has layers — review code before you run it.
