Back to skill
Skillv2.0.1
VirusTotal security
Brave Loggedin Tag Browsing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:56 AM
- Hash
- f5a0589ab35e1b89a35c7ec4064eab67f0066d55f88e3274222973197bc342dd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: brave-loggedin-tag-browsing Version: 2.0.1 The skill is designed to scrape data from X/Twitter and Facebook by accessing the user's authenticated browser sessions, which involves reading sensitive browser profile data from hardcoded paths like `/home/shuttle/.config/google-chrome` (found in `dist/index.js` and `index.ts`). While this behavior is consistent with the stated purpose of 'social media monitoring,' the ability to programmatically access and extract data from logged-in accounts is a high-risk capability. The implementation also disables security features such as the Chromium sandbox and `AutomationControlled` flags to evade bot detection, which is a common technique in scraping tools but increases the attack surface.
- External report
- View on VirusTotal