Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
tappi
v3.5.0Lightweight CDP browser control for AI agents. Token-efficient alternative to the built-in browser tool — 3-10x fewer tokens per interaction. Use when browsi...
⭐ 0· 727·1 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md and embedded scripts implement a local Node.js CLI that talks to a Chrome DevTools Protocol endpoint — this matches the skill description. However, the registry metadata lists no required binaries while SKILL.md instructs you to run `npm install` and run `node` (Node.js/npm are functionally required). That metadata omission is a mismatch and should have been declared. Also SKILL.md claims 'instruction-only' install but includes sizeable JS code that must be installed and run.
Instruction Scope
Instructions are narrowly scoped to controlling a Chrome/Chromium instance via CDP (navigate, click, type, upload, eval, screenshot). Those actions are expected for this purpose. Important note: several commands intentionally read local files (paste --file, upload) and run arbitrary JS in page context (eval), which are coherent with the tool's functionality but enable reading local files and interacting with remote websites (potential exfiltration).
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs the user to run `cd scripts && npm install`, which pulls the 'ws' package from npm. Using npm is a reasonable choice for a Node CLI, but it is a moderate-risk install path compared with no-install — it writes code to disk and pulls third-party packages. The registry should have declared this requirement.
Credentials
The skill declares no required environment variables, and the code defaults to a local CDP endpoint at http://127.0.0.1:18800 (override via CDP_URL). That is proportionate. Caveat: if CDP_URL is set to a remote endpoint, the tool could talk to a non-local CDP (potential exfiltration). The ability to read files and upload them to web pages is functionally justified but increases privacy risk; these capabilities are powerful and should be used only with trusted profiles and content.
Persistence & Privilege
The skill does not request always:true or modify other skills or agent-wide settings. It requires explicit invocation and runs as a local Node CLI; no elevated or persistent platform privileges are requested.
What to consider before installing
This package appears to implement what it says (a lightweight CDP CLI) but exercise caution before installing:
- The tool requires Node.js/npm and a Chrome/Chromium with --remote-debugging-port; the registry metadata did not declare Node as a required binary — confirm you want to run Node scripts from this skill.
- The CLI can read local files (paste --file) and inject files into web pages (upload), and it can execute arbitrary JS in pages (eval). These behaviors are necessary for its features but can expose sensitive files or send data to external sites if misused. Do not run it with a browser profile that has signed-in accounts or sensitive cookies unless you trust the code and environment.
- The CDP endpoint defaults to localhost, but CDP_URL can be changed; avoid pointing it at untrusted remote endpoints.
- Review the full scripts/browser.js (and any truncated parts) yourself or run in an isolated environment (container or VM) before giving it access to real data or profiles.
- If you decide to proceed: run the install step yourself (cd scripts && npm install), inspect installed node_modules (ws), and consider restricting the browser profile used (use a disposable profile or containerized browser).Like a lobster shell, security has layers — review code before you run it.
latestvk97c41bx53t98b01rgxkq9xx5181je2z
License
MIT-0
Free to use, modify, and redistribute. No attribution required.