Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browser Js

v1.5.0

Lightweight CDP browser control for AI agents. Token-efficient alternative to the built-in browser tool — 3-10x fewer tokens per interaction. Use when browsi...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)

Purpose & Capability
The skill's name/description match the included code and SKILL.md: it is a CDP-based browser automation CLI. Small mismatches: metadata lists no required binaries/env vars but the tool expects Node (to run node browser.js and npm install) and optionally CDP_URL — these are mentioned in SKILL.md but not declared in the registry 'requires' fields.
Instruction Scope
Runtime instructions stay within the browsing/automation scope (npm install, run node script, connect to local CDP). However the tool exposes powerful actions: page.eval (run arbitrary JS in page), DOM.setFileInputFiles (inject files into file inputs), and coordinate-based Input events (can interact with cross-origin iframes/captchas). These are expected for a browser automation tool but are sensitive because they can act using the browser's signed-in sessions and read/act on page content.
Install Mechanism
There is no packaged install spec — the SKILL.md requires running 'npm install' in the scripts/ dir (uses the well-known npm registry dependency 'ws'). No remote download URLs or archives are present in the install flow. This is a moderate-risk but expected approach for a JS CLI script.
Credentials
The skill declares no required credentials or config paths, which is consistent with a local-only tool. SKILL.md allows overriding the CDP endpoint via CDP_URL (not declared in metadata). Important capability: connecting to a browser profile with --user-data-dir (signed-in sessions) means the tool can act as the signed-in user and access cookies/session data — this is expected for a browser controller but is sensitive and worth explicit consideration.
Persistence & Privilege
Skill is not 'always: true' and does not request elevated or persistent platform privileges. It suggests an optional local alias but does not modify other skills or agent-wide configuration.
Assessment
This skill is coherent with its stated purpose (local CDP-based browser automation), but review these points before installing:
- You will need Node/npm to run it; SKILL metadata doesn't list Node as a required binary. Run 'npm install' in the scripts/ directory as instructed.
- The tool connects to a Chrome/Chromium instance via the CDP endpoint (default http://127.0.0.1:18800 or set CDP_URL). Ensure the debug port is bound only to localhost and not exposed to the network.
- It can use your browser profile (signed-in sessions) and can run arbitrary JS in pages, inject files into file inputs, and dispatch real mouse events — meaning it can read private page content and perform actions as you. Only use it with a browser/profile you trust and not on shared or public machines.
- The SKILL.md references CDP_URL but the registry metadata does not declare any env vars; be aware of this mismatch. When creating a local alias, double-check the path used so you don't accidentally point to a different script.
- If you plan to allow autonomous agent invocation, consider limiting autonomy or reviewing the code thoroughly; the code uses only local CDP and the npm 'ws' package, but arbitrary page.eval still allows data access. If you want higher assurance, inspect the full scripts/browser.js file locally and run it in a controlled environment first (with a disposable browser profile).

Like a lobster shell, security has layers — review code before you run it.

latestvk97fygh79xxxnx32hethc0befd81fwe5
