Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bits Browser Automation
v1.0.0
Control browser automation agents via the Bits MCP server. Use when running web scraping, form filling, data extraction, or any browser-based automation task. Bits agents can navigate websites, click elements, fill forms, handle OAuth flows, and extract structured data.
by Robbie Thompson (@robbiethompson18)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The SKILL.md describes a browser-automation MCP integration (navigate, click, fill forms, handle OAuth/2FA), which matches the skill name and description. However, the registry metadata lists no source/homepage and declares no required env vars, while the runtime instructions explicitly require a BITS_API_KEY and editing the agent MCP config. The missing metadata (source/homepage) and the undeclared API key are inconsistent with the stated purpose.
Instruction Scope
The instructions tell the agent/operator to obtain an API key from app.usebits.com and add it as BITS_API_KEY to the MCP config (~/.openclaw/openclaw.json or ~/.claude.json). They also direct the agent to use an npx-installed 'usebits-mcp' package to run TypeScript in Bits' sandbox. This gives a remote service the ability to execute automation against websites and receive page contents (including any credentials or PII encountered), which is functionally necessary for browser automation but is a broad scope that should be explicit in metadata and trust decisions. The SKILL.md does not explicitly call out privacy/exfiltration risks of sending page content to Bits.
Install Mechanism
There is no formal install spec, but the runtime steps rely on 'npx -y usebits-mcp' which will download and execute code from the npm registry at first run. This is a common pattern but has higher risk than pure instruction-only skills because arbitrary remote code can be pulled and executed. The absence of a pinned package version, checksum, or authoritative source/homepage increases the risk.
Credentials
The skill metadata declares no required environment variables, yet SKILL.md instructs adding BITS_API_KEY (starts with 'bb_') to the MCP server env. That mismatch is a clear inconsistency. Additionally, the feature set mentions handling OAuth and stored credentials — implying user credentials or sensitive tokens may be uploaded/stored on the Bits platform. These credential flows are plausible for the described capability but deserve explicit declaration and justification in the metadata.
Persistence & Privilege
always:false (normal) and no requests to modify other skills are present. The instructions do require writing an MCP config entry (~/.openclaw/openclaw.json or ~/.claude.json), which is expected for adding a new MCP server. This is normal but the user should consciously permit editing their agent configuration.
Scan Findings in Context
[no_regex_findings] expected: The regex scanner found nothing because this is an instruction-only skill with no code files. That absence is expected, but the SKILL.md itself contains the runtime behavior that must be reviewed manually.
What to consider before installing
Summary of what to check before installing:
- Verify the service and package: confirm app.usebits.com is the legitimate Bits service and inspect the npm package 'usebits-mcp' (owner, version, recent activity, tarball contents) before running npx. Prefer a pinned version and checksum rather than blind 'npx -y'.
- Expect remote execution and data transfer: browser automation will send page contents and form values to the Bits service/sandbox. Do not automate pages that contain secrets or highly sensitive personal data unless you trust the service and understand its data-handling policies.
- API key scope and storage: the SKILL.md requires a BITS_API_KEY but the registry metadata doesn't declare it—treat this as required. Use limited-scope or ephemeral API keys if possible, and avoid putting long-lived sensitive credentials into global agent config if you can scope them.
- Configuration changes: the instructions edit your MCP config (~/.openclaw/openclaw.json or ~/.claude.json). Back up that file before modifying it and verify the exact JSON you add.
- Privacy and 3rd-party credentials: the skill mentions handling OAuth/2FA and stored credentials — confirm where those credentials are stored, how long they are retained, and whether the Bits provider can access them.
- If you need higher assurance: request the skill owner/source information, a homepage or repository, and a pinned npm package version or release tarball you can audit. Without that, treat this integration as requiring moderate trust.
