ClawHub
Back to skill
v0.1.0

OpenClaw Browser Recover

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:29 AM.

Analysis

This skill is a coherent browser troubleshooting helper that runs local diagnostics and may restart the OpenClaw gateway once; users should notice the local command and browser-profile access.

GuidanceThis appears safe for its stated purpose if you are comfortable with local troubleshooting commands and a possible OpenClaw gateway restart. Before using it, save active browser work, close sensitive tabs if using the user Chrome profile, and inspect the optional healthcheck script if you plan to run it.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
SKILL.md
openclaw gateway status
ss -lntp | egrep '(:18789|:18791|:9222)' || true
...
openclaw gateway restart

The skill directs the agent/user to run local diagnostics and perform a gateway restart. This is disclosed and purpose-aligned for browser recovery, and the instructions limit it to one restart.

User impactThe OpenClaw gateway or browser-control channel could briefly restart or disrupt active browser automation work.
RecommendationUse this when troubleshooting browser-control failures; if active work is in progress, confirm before allowing the gateway restart.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
scripts/healthcheck.sh
#!/usr/bin/env bash
...
openclaw gateway status || true
...
ss -lntp | egrep '(:18789|:18791|:9222)'

The helper script depends on local shell utilities and the openclaw CLI, while the registry requirements list no required binaries. This is a metadata completeness issue, not hidden install behavior.

User impactAutomated install checks may not warn that these local commands must be available for the optional healthcheck to work.
RecommendationReview the included script and ensure the expected local tools are present before running the optional healthcheck.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
SKILL.md
`profile="user"` 依赖本机 Chrome 的 **CDP 9222** ... `browser.tabs profile="user" limit=5`

The skill checks the live user Chrome profile and requests a small tab listing via CDP. This is coherent for browser-tool recovery, but it touches the user's active browser context.

User impactThe agent may see basic information about up to five open tabs in the user's Chrome profile during diagnostics.
RecommendationClose sensitive tabs or use an isolated OpenClaw/browser profile if you do not want your normal Chrome context inspected.