Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Selenium Automation Skill

v1.0.0

Automate browser tasks using Selenium, including form filling, web scraping, UI testing, button clicks, alert handling, and capturing screenshots.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (Selenium browser automation) align with included scripts (form_filler, web_scraper, time_logger) and SKILL.md examples. The requested resources in metadata (no env vars, no required binaries) are broadly consistent with a generic Selenium tool that relies on installed browsers and pip packages.
Instruction Scope
SKILL.md and the scripts instruct the agent to visit arbitrary URLs, fill and submit forms, click buttons, handle alerts, upload files, and capture screenshots. Those actions are expected for browser automation but are powerful: they can interact with authenticated pages, submit data on behalf of users, and extract sensitive content. The SKILL.md shows examples using usernames/passwords but the registry metadata does not declare how credentials should be provided or stored; the scripts appear to accept credentials via CLI (implied by examples), which raises a risk of accidental credential entry or misuse. The instructions give broad discretion to operate on arbitrary sites (no explicit limits or safeguards).
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells users to pip install selenium, webdriver-manager, beautifulsoup4, pandas. The included webdriver_manager usage will download browser driver binaries at runtime from upstream locations — this requires network access and results in code/binaries being fetched/executed dynamically. This is common for Selenium tooling but increases the runtime attack surface (third‑party downloads).
Credentials
The skill declares no required environment variables or credentials, which is coherent. However the scripts expect/accept sensitive inputs (usernames, passwords, site URLs) via CLI examples in SKILL.md; the registry does not declare these or advise on secure handling. The skill also implicitly requires local browser installations or the ability to run headless browsers and to download drivers — capabilities that are not captured in the metadata.
Persistence & Privilege
always is false and the skill does not request permanent agent inclusion or modify other skills. There is no evidence it alters agent configs or requests elevated platform privileges.
What to consider before installing
This skill appears to do what it claims (Selenium automation) but comes with important operational risks: it will visit arbitrary URLs and can fill/submit forms and interact with pages (including authenticated portals), and it downloads browser drivers at runtime. Before installing, consider:
(1) Do not supply real account credentials unless you trust the code; prefer temporary/test accounts.
(2) Run the skill in an isolated environment (VM/container) with limited network access if possible.
(3) Review the included Python scripts locally to confirm no unexpected network callbacks or hardcoded endpoints. The published files show no explicit exfiltration endpoints, but dynamic interactions can leak data to the target sites.
(4) Be aware webdriver_manager will fetch binaries from the Internet; if your environment restricts external downloads, adjust accordingly.
(5) If you need to use this skill in production, add explicit safeguards (domain whitelists, credential handling policies, and logs) and consider code hardening and input validation.
