Server Browser Automation
Security checks across malware telemetry and agentic risk
Overview
This is a coherent browser-automation setup, but it grants broad control over persistent logged-in browser sessions and its installer may run the remote desktop/browser environment with excessive privilege.
Install only on a dedicated server or container after reviewing the script. Run the desktop and Chrome as a non-root automation user, firewall or tunnel VNC/CDP/Gateway ports, use a separate browser profile and low-privilege accounts, and require manual confirmation before the agent submits forms, posts content, purchases, deletes, or changes account data.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent controls a logged-in browser, it could submit forms, post content, or perform account actions with the user's identity if prompted incorrectly or if a task is misunderstood.
The skill explicitly positions the browser automation for multi-account and bulk public-content actions, but the provided instructions do not define approval gates, allowed sites, rollback, or other limits for high-impact account actions.
| **批量操作** | 多账号管理、批量发布内容 |
Use only dedicated low-privilege accounts and require explicit human confirmation before any posting, purchasing, submitting, deleting, or account-changing action.
Any account logged into this browser profile may be usable by the agent as if it were the user, including private data access and account mutations.
The skill deliberately persists browser cookies and uses them for later AI-controlled actions, which gives the agent delegated access to any logged-in sites in that Chrome profile.
个人资料模式(Cookie 持久化) ... 后续 AI 自动操作(Cookie 已保存)
Create a separate browser profile and separate service accounts for automation, avoid logging into high-value personal accounts, and regularly clear or rotate the profile when no longer needed.
A remote desktop or browser automation compromise could have root-level impact on the server instead of being confined to a normal user account.
The script requires root/sudo and then sets VNC_USER from whoami; when run with sudo, this will typically be root, causing the VNC desktop setup to run as root rather than an unprivileged user.
if [ "$EUID" -ne 0 ]; then ... VNC_USER=$(whoami) ... su - $VNC_USER -c "vncserver :1 -geometry 1920x1080 -depth 24"
Change the installer to use the invoking non-root user, such as SUDO_USER, and run VNC/Chrome as an unprivileged dedicated automation user; use sudo only for package installation.
Anyone who can reach the VNC service and obtain or guess the VNC password could view or control the logged-in browser session.
The instructions expose a VNC remote desktop endpoint for the server browser session, but do not describe firewall restrictions, SSH tunneling, TLS, or limiting access to trusted networks.
用 VNC 查看器连接:`服务器 IP:5901`
Bind VNC to localhost or a private interface, require SSH tunneling or VPN access, use strong unique passwords, and firewall ports 5901, 18800, and any OpenClaw gateway ports.
The installation changes the host system and trusts external package repositories, which can affect system security and maintenance.
Installing Chrome and desktop components is purpose-aligned, but the script modifies system package sources and installs unpinned packages as root.
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | apt-key add - ... apt-get install -y google-chrome-stable
Review the installer before running it, prefer modern signed-by apt key configuration, and install only on a disposable or dedicated automation host.
The logged-in browser may remain controllable for future tasks longer than the user expects.
Keeping Chrome running with saved cookies is disclosed and central to the skill, but it creates a persistent automation surface that remains available after the initial login.
保持 Chrome 运行 ... 后续 AI 自动操作(Cookie 已保存)
Stop Chrome and VNC when automation is not needed, clear the automation profile when finished, and document who is allowed to trigger browser actions.