ChatGPT Web Skill

Review

Audited by ClawScan on May 18, 2026.

Overview

This skill is mostly coherent for automating ChatGPT Web, but it handles persistent login state and can copy the browser profile outside its stated local data directory.

Install only if you are comfortable letting this skill automate a logged-in ChatGPT Web browser session and store local browser state. Be aware that the code can clone the browser profile to a temporary directory if the profile is in use, despite documentation saying all data stays inside the skill directory.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your ChatGPT login/session data may be duplicated outside the skill's documented data folder, making cleanup and access boundaries less clear.

Why it was flagged

The skill can copy the browser profile containing ChatGPT login/session state from its normal data directory into a temporary directory when the profile is locked.

Skill content

fallback_root = tempfile.mkdtemp(prefix="chatgpt-profile-") ... shutil.copytree(user_data_dir, fallback_dir, dirs_exist_ok=True, ignore=shutil.ignore_patterns("Singleton*", "DevToolsActivePort"))

Recommendation

Only use this on a trusted machine, avoid running multiple instances that trigger profile cloning, and ask the publisher to document and clean up temporary profile copies.

What this means

A user may rely on the documented data-location promise and miss that sensitive browser state can be copied elsewhere.

Why it was flagged

This privacy/scoping claim conflicts with the browser utility's fallback behavior that copies the browser profile to a temporary directory outside the skill directory.

Skill content

All data stays inside the skill directory: ... `data/browser_state/` — cookies, storage state, persistent browser profile

Recommendation

The documentation should disclose the temporary clone behavior and provide a reliable cleanup mechanism, or the code should avoid copying session profiles outside `data/`.

What this means

A browser session using your ChatGPT account may stay available for reuse until it is closed, reset, garbage-collected, or logged out.

Why it was flagged

The skill intentionally supports persistent browser sessions and runtime daemon artifacts, which is disclosed and purpose-aligned but means a logged-in browser session can remain active after a single prompt.

Skill content

Keep a long-lived browser session for multi-turn dialogue ... `data/session_runtime/` — daemon socket, pid, and runtime artifacts

Recommendation

Close or garbage-collect sessions when finished, and use `auth_manager.py logout` if you do not want the skill to retain ChatGPT login state.

What this means

Running the skill may install Python packages locally even though the install mechanism is not declared as a registry install step.

Why it was flagged

The skill performs dependency installation through its wrapper even though the registry says there is no install spec. The dependencies shown are pinned, so this is an under-declared setup behavior rather than clear malicious activity.

Skill content

The wrapper ensures the local `.venv` exists, installs dependencies, and runs the target script with the correct interpreter.

Recommendation

Review `requirements.txt` before first use and prefer an explicit install specification or documented setup process.