Gstack

Security checks across malware telemetry and agentic risk

Overview

Gstack appears to be a legitimate browser QA tool, but it deserves review because it can run/update local code, keep or import logged-in browser sessions, and drive websites with broad automation.

Install only if you trust the source and are comfortable with a local browser daemon. Review setup/upgrade scripts before running them, use staging or test accounts when possible, import real browser cookies only when necessary, and clear `.gstack` or `~/.gstack` state/logs after sensitive testing.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

Installing or first-running the skill may execute code that was not fully described by the registry metadata.

Why it was flagged

The skill asks the agent to run local setup code and, if needed, execute a remote installer script. This is not represented by a formal install spec in the supplied registry data.

Skill content

If `NEEDS_SETUP`: ... Run: `cd <SKILL_DIR> && ./setup` ... If `bun` is not installed: `curl -fsSL https://bun.sh/install | bash`

Recommendation

Only install from a source you trust, review the setup and upgrade scripts first, and avoid curl-to-bash installation unless you are comfortable with the supply-chain risk.

ASI02: Tool Misuse and Exploitation
Medium
What this means

An agent using this skill could submit forms, upload files, click destructive controls, or run page-context JavaScript as the logged-in user.

Why it was flagged

The browser tool exposes both mutating web actions and raw page JavaScript/eval capability. That is useful for QA, but broad when combined with logged-in sessions or production sites.

Skill content

| Interact | `click`, `fill`, `select`, `hover`, `type`, `press`, `scroll`, `wait`, `viewport`, `upload` | Use the page | ... | Inspect | `js`, `eval`, ... | Debug and verify |

Recommendation

Use it primarily on local, staging, or test accounts; require explicit confirmation before actions that purchase, publish, delete, moderate, or change real account data.

ASI03: Identity and Privilege Abuse
Medium
What this means

Imported cookies let the automated browser act as you on authenticated websites.

Why it was flagged

The skill can read/decrypt local browser cookies and load them into the automated browser. This is high-impact account/session access even though it is purpose-aligned and documented.

Skill content

Cookie decryption reads Chromium's SQLite cookie database directly... Keychain access requires user approval... decrypted in memory... loaded into the Playwright context

Recommendation

Do not import cookies for sensitive accounts unless necessary; prefer test accounts and verify which browser/profile/domain is being imported.

ASI10: Rogue Agents
Low
What this means

Browser state can carry across tasks for up to the idle timeout, including tabs and logged-in sessions.

Why it was flagged

The skill intentionally runs a local background browser daemon and keeps browser state across calls. This is disclosed and useful for QA, but it is persistent behavior users should notice.

Skill content

Persistent headless Chromium. First call auto-starts... Auto-shuts down after 30 min idle. State persists between calls (cookies, tabs, sessions).

Recommendation

Stop/clear the browser session when done with sensitive sites, and avoid sharing the workspace state directory.

ASI06: Memory and Context Poisoning
Low
What this means

Local QA logs may retain URLs, messages, errors, or other page data after the session.

Why it was flagged

The browser captures console, network, and dialog history and writes logs under `.gstack`. These logs may contain private application data even if cookie values are not logged.

Skill content

Console: `.gstack/browse-console.log` ... Network: `.gstack/browse-network.log` ... Dialog: `.gstack/browse-dialog.log` ... circular buffers (50,000 capacity each) and flushed to disk

Recommendation

Treat `.gstack` logs as sensitive and delete them after testing confidential or authenticated applications.