Back to skill
Skillv1.0.5
VirusTotal security
Fastest Browser Use · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:12 AM
- Hash
- d343463ae08edd1d8a53584c9c79d080876ca4a66acc2a6ba3bc6b458ed59ca2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fast-browser-use Version: 1.0.5 This skill is classified as suspicious due to the presence of high-risk capabilities that could be misused, even though there is no clear evidence of intentional malicious behavior within the provided files. The `evaluate` tool, registered in `src/mcp/mod.rs`, allows for arbitrary JavaScript execution in the browser context, which is a powerful primitive for potential data exfiltration or unauthorized actions. Additionally, the `LaunchOptions::sandbox(false)` setting is used in `src/bin/cli.rs` and `src/bin/mcp_server.rs`, disabling a critical browser security feature and increasing the attack surface. While the `SKILL.md` documentation does not contain prompt injection attempts and openly describes sensitive features like 'Login & Cookie Heist' (which involves managing cookies and local storage via `src/tools/cookies.rs` and `src/tools/local_storage.rs`), these capabilities, especially when combined with arbitrary JS execution and a disabled sandbox, elevate the risk beyond benign.
- External report
- View on VirusTotal