Back to skill
Skillv1.0.0
VirusTotal security
AI-Search-Hub · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:26 AM
- Hash
- 10ec8db1eb60d0090c6994a8f0eec8080e05c65b1cad75179023ce695e7ec59e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-search-hub Version: 1.0.0 The skill bundle contains scripts designed to automate interactions with multiple AI platforms by programmatically controlling a web browser. A significant security concern is found in `scripts/run_web_chat.py`, which contains logic to locate and copy the user's local browser profiles (including cookies, session data, and history) from various browsers (Chrome, Edge, Brave, etc.) into an 'isolated debug profile' directory. While this behavior is documented in `SKILL.md` as a way to maintain logged-in sessions for automation, the broad access to and duplication of sensitive browser data represents a high-risk capability that could be used for credential theft if the tool's intent were to change. No evidence of active data exfiltration to external third-party domains was found.
- External report
- View on VirusTotal