Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser Use
v2.0.1
Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with w...
by shawn pana (@shawnpana)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the runtime instructions: the SKILL.md documents a CLI that navigates pages, interacts with elements, screenshots, extracts data, and connects to local or cloud browsers. Asking for access to a browser profile, cookies, and cloud API keys is consistent with a browser automation tool.
Instruction Scope
The instructions expose raw CDP and a Python REPL that can execute arbitrary CDP commands and JavaScript in pages, intercept network requests, and read cookies. They also describe connecting to the user's existing Chrome (preserving logins/cookies) and commands that upload local files. Those are legitimate automation features but are high-risk: the agent can access and exfiltrate sensitive browsing data or local files if misused. The SKILL.md does not place limits or safeguards on what pages/data can be accessed.
Install Mechanism
This is an instruction-only skill with no install spec or bundled code — lowest install risk. It assumes a 'browser-use' CLI is present on PATH and that the agent may invoke it via shell.
Credentials
The metadata lists no required env vars, but the documentation references optional environment/config items (BROWSER_USE_API_KEY, BROWSER_USE_SESSION) and persistent files/sockets under ~/.browser-use. The skill can access browser cookies and profiles and suggests saving an API key; these are sensitive but not declared in requires.env. The lack of explicit declaration of these optional credentials/config paths reduces transparency.
Persistence & Privilege
always:false (good). The skill documents creating per-session daemons, Unix sockets (~/.browser-use/{name}.sock), and persistent cloud profiles. That persistence is expected for a long-running browser daemon, but it means state (and any stored API key or session data) will be kept on disk — the SKILL.md doesn't state where API keys are stored or how to remove them beyond 'cloud logout'.
What to consider before installing
This skill appears to be a genuine browser automation CLI, but it grants the agent broad access to your browser and local environment if invoked: it can connect to your real Chrome profile (reading cookies, login state), execute arbitrary JavaScript/CDP commands (including network interception), upload local files, and store/use a cloud API key. Before installing or enabling it: (1) verify the binary's provenance and source (no homepage/source provided here), (2) avoid connecting your default/profile that contains sensitive accounts — use a throwaway session/profile, (3) do not provide secrets or your primary browser profile unless you fully trust the skill, (4) prefer ephemeral sessions and remove stored API keys after use (check where keys are stored), and (5) if you need stronger assurance, request the skill's source or a signed release and/or run it in an isolated environment. Because the instructions allow high-risk actions and the package metadata is sparse, proceed cautiously.
Like a lobster shell, security has layers — review code before you run it.
