ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browser Automation CLI

v1.0.0

Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from websites, take screenshots, fill forms, click buttons, or interact with web applications.

0· 2.8k·12 current·13 all-time
by@peytoncasper·duplicate of @peytoncasper/browser-automation
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description claim simple browser automation. However the included docs reference requiring an ANTHROPIC_API_KEY and optional Browserbase keys (BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID) and an npm-installed CLI. The registry metadata declares no required env vars or binaries — that mismatch is unexplained. A legitimate CLI-based browser skill would reasonably need an API key for the model or Browserbase creds and a real install spec; the absence of those in the manifest is inconsistent.
!
Instruction Scope
SKILL.md instructs automatic environment selection by checking a .env file for Browserbase keys and says selection occurs with 'No user prompting', implying the agent should read local config without asking. It also instructs running `npm install` and `npm link` and to use a persistent Chrome profile (.chrome-profile/) and agent download folder, which involves reading/writing local files, persisting cookies/sessions, and creating a global command — all outside a minimal 'read-only browse' scope and potentially exposing sensitive data (API keys, session cookies).
!
Install Mechanism
There is no formal install spec in the registry, but SKILL.md/setup.json explicitly instructs `npm install` and `npm link`. That would modify disk and create a global binary. The skill bundle itself contains no code files or package manifest, so `npm install` may fail here — but the instructions still encourage installing arbitrary Node dependencies which is a high-risk action because it can fetch and run code from the network and alter the host environment.
!
Credentials
The skill manifest claims no required env vars, yet the docs require/encourage ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID. The instructions tell the agent to check .env automatically. Requesting model API keys and remote service keys is plausible for AI-driven automation, but the lack of declaration in the registry and the automatic, non-interactive checking of local .env is disproportionate and risks accidental credential exposure or silent use of remote services.
!
Persistence & Privilege
The setup flow recommends `npm link` to create a global 'browser' command (system-wide change) and uses a persistent Chrome profile directory (.chrome-profile/) that preserves cookies and sessions between runs. The skill does not set always:true, but the instructions still request persistent artifacts and global CLI installation which increases blast radius and privacy risk if installed without inspection.
What to consider before installing
Do not run the suggested setup steps blindly. Key warnings: - Manifest vs docs mismatch: the registry says no env vars required but the docs expect ANTHROPIC_API_KEY and optional Browserbase keys. Treat those as sensitive secrets. - The SKILL.md instructs reading a local .env automatically without prompting — that could expose API keys or other secrets. Ensure the agent is not allowed to read .env or other config files unless you explicitly permit it. - The instructions recommend `npm install` and `npm link`, which will fetch and install Node packages and create a global command. Inspect any package.json and the source code first (and prefer not to run npm link globally) because this changes your system and can run arbitrary code. - The tool preserves a Chrome profile directory and download folder; that can retain cookies, sessions, and downloaded files. If you install, isolate it (use a VM/container) and do not reuse your regular browser profile. - Before installing, request the actual package source (package.json, package lock, and the CLI source). If you cannot review the code or provenance, avoid installing. Also prefer explicit prompts/consent for using remote Browserbase or model API keys rather than automatic selection.

Like a lobster shell, security has layers — review code before you run it.

latestvk972tx7kmt7qxc2bk17z107m7980j217

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments