Skill v2.0.1
ClawScan security
Brave Loggedin Tag Browsing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 18, 2026, 7:14 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its description: it uses Playwright to connect to a local Brave/Chrome profile or OpenClaw CDP and scrape posts from X/Twitter and Facebook while relying on a logged-in browser session — no unrelated credentials or remote exfiltration endpoints were found.
- Guidance: This skill appears to do what it says, but it requires access to your Brave/Chrome profile (cookies and logged-in sessions) to read private or authenticated content. Before installing: (1) only run it on a machine/profile you control; consider creating a dedicated browser profile for automation so your personal accounts are not exposed; (2) be aware it connects to localhost CDP (http://localhost:18800) — if a malicious CDP server were running locally it could be used; (3) installing will pull Playwright and its browser components from npm (normal but moderately privileged); (4) review/modify hardcoded paths (e.g., ~/.config/google-chrome, /usr/bin/brave-browser) if they don't match your environment. If you need stronger guarantees, run the skill in an isolated environment or ephemeral profile.
Review Dimensions
- Purpose & Capability (ok): The name/description (logged-in Brave browsing of X/Facebook) aligns with the implementation: files use Playwright to connect to a local CDP (port 18800) or launch Brave with a persistent userDataDir. Playwright is a reasonable dependency for this task. No unrelated credentials or external services are required.
- Instruction Scope (note): SKILL.md and the code are focused on browsing user pages, checking login state, extracting posts/profile/stats, and prefer connecting to an OpenClaw browser instance. The README and troubleshooting mention cookie files and starting the OpenClaw browser tool; these are within the skill's stated scope but do mean the skill will read and use whatever is present in the browser profile (cookies/sessions).
- Install Mechanism (note): This is instruction- and code-based (no declarative installer). Dependencies come from npm (playwright) as declared in package.json/package-lock.json — a standard, traceable source. There are no downloads from personal servers or URL shorteners. Installing Playwright will pull browser binaries via its normal mechanism (expected but moderately privileged).
- Credentials (note): The skill requests no env vars or external credentials, which is appropriate. However, it intentionally accesses a persistent browser profile (userDataDir like ~/.config/google-chrome or /home/shuttle/.config/google-chrome) and connects to local CDP. Access to that directory gives the skill cookies/session tokens and therefore access to logged-in content — this is necessary for the feature but is sensitive and worth user caution.
- Persistence & Privilege (ok): The skill is not always-enabled and does not request elevated platform privileges. It intentionally keeps the browser session alive (does not close the browser) to preserve login state, which is reasonable for the use case but means sessions remain accessible after a run.
