Back to skill
Skillv1.0.2
VirusTotal security
freeman-browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:33 AM
- Hash
- 629c743a94700635bfe72f4c26a127b8672a024dc4358cff37c417b43a039ef6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: freeman-browser Version: 1.0.2 The skill provides powerful web automation capabilities, including anti-bot detection bypass, CAPTCHA solving, and network interception, which are inherently risky. The `scripts/browser-freeman.js` file launches Chromium with `--no-sandbox`, `--disable-setuid-sandbox`, and `--disable-web-security` flags, significantly reducing the browser's security posture and creating a vulnerability. While these flags are often used in browser automation, they increase the risk of exploitation if the agent is compromised or instructed to visit malicious sites. Additionally, the `SKILL.md` documentation describes saving/restoring cookies via `fs.writeFileSync` and `fs.readFileSync` to `/tmp/session.json`, which, combined with the browser's reduced security, could be leveraged for unintended file system access or data exfiltration if the AI agent is subject to prompt injection.
- External report
- View on VirusTotal