ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

browser Devtools Inspector

v1.0.0

Inspect and analyze browser DevTools Console, Network, and Performance data to debug frontend issues like errors, failed requests, CORS, and slow loads.

1· 656·0 current·0 all-time
by@qtadagm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts: capture_console.js, capture_network.js, analyze_performance.js, and check_cors.js all use Puppeteer to collect DevTools data. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md simply tells the agent/user to run the included Node scripts against a URL. This is appropriately scoped to DevTools inspection. Note: the scripts accept arbitrary URLs and will execute page JavaScript and network requests in a headless browser, so captured output may include sensitive data printed by the page or returned by APIs (this is expected for a debugging tool).
Install Mechanism
There is no installer spec in the registry; the package includes package.json that depends on puppeteer. That is reasonable for these scripts. Be aware npm install / puppeteer will download a Chromium build on first install (network activity and disk write are expected).
Credentials
The skill requests no environment variables or credentials. The README mentions an optional PUPPETEER_EXECUTABLE_PATH to point to a local Chrome binary — consistent and optional for Puppeteer usage.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges or modify other skills. It runs on-demand via CLI scripts, which is appropriate for its purpose.
Assessment
This skill appears coherent for DevTools-style debugging. Before running it: (1) run it locally or in an isolated environment, especially if you will point it at production/internal URLs — the scripts execute page JavaScript and capture console/network output which may include secrets; (2) review any JSON output before sharing; (3) be aware npm install will download Chromium via puppeteer (large download, network access); (4) if you want to avoid auto-downloaded Chromium, set PUPPETEER_EXECUTABLE_PATH to a trusted local Chrome/Chromium binary; (5) avoid running against authenticated endpoints unless you intentionally want the tool to observe authenticated requests and responses; and (6) if you have concerns about visiting untrusted pages, run in a sandboxed environment (VM/container) to limit risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ygch4r2fzqmz7x3tdbw2h5822dn1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments