Tahcia
Warn
Audited by ClawScan on May 18, 2026.
Overview
Tahcia appears to be a browser-control client, but it under-discloses broad browser automation, input/session capture, persistence, and a native screen-capture-capable helper.
Install only if you intentionally want Tahcia to control browser tabs. Use a separate browser profile or non-sensitive sites, authorize origins narrowly, disconnect/reset when finished, and ask the publisher for clear documentation on recorded data, session storage, the native macOS helper, and process shutdown.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can actively operate inside browser tabs, not just observe or provide advice.
The background worker can navigate existing tabs, create new tabs, register them, and inject a recorder script into controlled tabs.
await chrome.tabs.update(tabId,{url:url,active:true}); ... chrome.tabs.create({url:url,active:true}); ... chrome.scripting.executeScript({target:{tabId:tabId},func:recorderScript})
Only authorize tabs and origins you intend to automate, and require clear documentation of allowed commands and user approval for navigation, form entry, and other browser mutations.
A web page where this bridge is present may be able to direct the extension’s browser-control channel.
A page message can be forwarded as an extension command, and the result is posted back to the page; the snippet shows no command allowlist or session validation.
if(event.data&&event.data.type==="EXECUTE_COMMAND"){chrome.runtime.sendMessage({type:"EXECUTE_COMMAND",command:event.data.command}).then(d=>{window.postMessage({...d},"*")})}
The bridge should restrict commands to the trusted console, bind requests to a verified session, validate command types/arguments, and avoid wildcard result posting where possible.
Sensitive information typed or selected in an authorized tab could be captured as part of the recording context.
The recorder script captures keystrokes, input field values, and copied/selected text from controlled pages.
const onKeyDown=e=>{...send("keydown",{key:e.key,...})}; const onInput=e=>send("input",{value:e.target.value,...}); const onCopy=()=>{...const selectedText=sel.toString();...}
Avoid using this skill on banking, password, medical, admin, or other sensitive pages unless the data collection, retention, and deletion behavior is clearly documented and acceptable.
A Tahcia session token or similar session identifier is handled by the extension, but the metadata declares no credentials and SKILL.md does not explain this.
The content script reads a session value from cookie/localStorage/sessionStorage and extracts a session identifier.
document.cookie.match(/plugin=([^;]+)/)?.[1]||localStorage.getItem("plugin")||sessionStorage.getItem("plugin"); ... JSON.parse(sid).session
The skill should declare session handling, specify exactly which site/session key is used, minimize storage, and provide a clear reset/logout path.
Installing the skill may add native code with screen/UI capabilities that is harder for users to inspect than the JavaScript files.
The package includes a compiled macOS executable linked to screen-capture and system UI-related frameworks, but the provided SKILL.md does not describe this native helper or its provenance.
ScreenCaptureKit.framework ... ApplicationServices.framework ... CoreGraphics.framework ... Vision.framework
The publisher should document why the binary is needed, provide source or reproducible-build details, hashes/signing information, OS permission requirements, and when it is invoked.
Using the skill starts local code that may continue independently of the immediate user prompt.
Activating the skill starts a local Node MCP process. This is consistent with a browser execution client, but it is not explained by the minimal SKILL.md.
const child = spawn("node", [path.join(__dirname, "tahcia-mcp.cjs")], { stdio: "pipe", cwd: __dirname, detached: false }); ... child.unref();
Document the process lifecycle, ports/transports used, logs, shutdown behavior, and how a user can verify it has stopped.
A browser-control session may remain active after the initial setup or task unless the user explicitly resets/disconnects it.
The extension persists session/controlled-tab state and keeps the console tab from being discarded, which extends the browser-control session beyond a single action.
chrome.storage.local.set({sessionId:state.sessionId,controlledTabs:state.controlledTabs,consoleTabId:state.consoleTabId,phase:state.phase}); ... await chrome.tabs.update(state.consoleTabId,{autoDiscardable:false})
Make persistence visible to users, default to short-lived sessions where possible, and provide clear controls for disconnecting, clearing stored state, and unregistering tabs.
