Browser Web Search
Warn
Audited by ClawScan on May 18, 2026.
Overview
This browser-search skill is openly documented and defensive, but it can let third-party code read private data from your logged-in browser sessions, so it needs careful review before use.
Do not treat this as a simple public web-search plugin. It is best used with a separate OpenClaw browser profile, public-only mode by default, and explicit review of the pinned upstream npm package before enabling any sensitive adapter.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled for sensitive adapters, the skill or its dependency may read private content from accounts you are logged into in the OpenClaw browser.
The skill explicitly reuses logged-in browser sessions and can access private account-protected data, which is high-impact delegated authority.
This Skill automatically reuses the browser's logged-in state and can read any visible data on sites you are logged into ... it can read account-protected pages (private messages, favorites, profile, orders, etc.)
Use a dedicated OpenClaw browser profile, keep BWS_PUBLIC_ONLY=1 unless authenticated access is truly needed, close unrelated tabs, and only enable sensitive adapters for sites you intentionally approve.
A compromised or insufficiently audited upstream package could use the browser session authority granted by this skill to access account data.
Sensitive session handling is delegated to an external npm package that is not part of the reviewed skill artifacts; integrity pinning helps but does not sandbox or explain the dependency's runtime behavior.
The third-party npm package (browser-web-search) executes in the page context and can access site authentication data ... the package code is not included in this Skill and requires independent auditing
Audit the pinned browser-web-search@0.4.3 source before use, install only the pinned version, prefer the documented --ignore-scripts install path, and re-review before any version change.
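One way to carry out that check before installing, given here as an added example that is not the skill's or ClawScan's own code: it recomputes the npm-style sha512 integrity of a downloaded tarball, compares it with the value you audited, flags a package-lock.json whose entry has drifted from 0.4.3, and builds the --ignore-scripts install command. The tarball bytes and lockfile below are constructed stand-ins, and --save-exact is an addition of this example, not part of the documented install path.

```python
"""Pre-install checks for the pinned browser-web-search dependency."""
import base64
import hashlib
import hmac
import json
import os
import tempfile

PINNED_NAME = "browser-web-search"
PINNED_VERSION = "0.4.3"  # the version the finding says to pin and audit


def npm_integrity(data: bytes) -> str:
    """Integrity string in the form npm stores in package-lock.json:
    'sha512-' followed by the base64 SHA-512 of the tarball bytes."""
    digest = hashlib.sha512(data).digest()
    return "sha512-" + base64.b64encode(digest).decode("ascii")


def verify_tarball(path: str, expected_integrity: str) -> bool:
    """True only if the tarball on disk hashes to the integrity you audited."""
    with open(path, "rb") as fh:
        actual = npm_integrity(fh.read())
    return hmac.compare_digest(actual, expected_integrity)


def lockfile_drift(lock_text: str, expected_integrity: str) -> list[str]:
    """Compare the lockfile (v2/v3 'packages' map) entry for the pinned package
    against what was audited. Empty list means version and integrity match;
    anything else means re-review before installing."""
    lock = json.loads(lock_text)
    entry = lock.get("packages", {}).get(f"node_modules/{PINNED_NAME}")
    if entry is None:
        return [f"{PINNED_NAME} is not in the lockfile"]
    problems = []
    if entry.get("version") != PINNED_VERSION:
        problems.append(f"version {entry.get('version')} != audited {PINNED_VERSION}")
    if entry.get("integrity") != expected_integrity:
        problems.append("integrity differs from audited tarball")
    return problems


def install_command() -> list[str]:
    """Exact-version install that skips install/postinstall hooks.
    --ignore-scripts is the documented path; --save-exact is added here so
    the lockfile records 0.4.3 rather than a caret range."""
    return ["npm", "install", "--ignore-scripts", "--save-exact",
            f"{PINNED_NAME}@{PINNED_VERSION}"]


def demo() -> dict:
    """Run the checks against a constructed stand-in tarball (not a real package)."""
    audited = b"constructed stand-in for the audited tarball bytes\n"
    pinned = npm_integrity(audited)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, f"{PINNED_NAME}-{PINNED_VERSION}.tgz")
        with open(path, "wb") as fh:
            fh.write(audited)
        ok_before = verify_tarball(path, pinned)
        with open(path, "ab") as fh:  # simulate a swapped or tampered tarball
            fh.write(b"extra\n")
        ok_after = verify_tarball(path, pinned)
    # Constructed lockfile whose version moved on without a re-review.
    lock = json.dumps({"lockfileVersion": 3, "packages": {
        f"node_modules/{PINNED_NAME}": {"version": "0.4.4", "integrity": pinned}}})
    return {"ok_before": ok_before, "ok_after": ok_after,
            "drift": lockfile_drift(lock, pinned)}


if __name__ == "__main__":
    print(demo())
    print(" ".join(install_command()))
```

Take the expected integrity from the lockfile entry you reviewed, or compute it yourself from the tarball you read; the point is that the bytes that get installed are the bytes that were audited.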
The skill leaves a local metadata trail and may reuse prior per-site consent for the same audited package bytes.
The skill persists audit records and consent decisions. The artifacts describe this as metadata-only and access-restricted, so it is disclosed persistence rather than hidden background behavior.
Store | ~/.bws/consents.json (mode 0600) ... Append-only JSON Lines, mode 0600, 1 MiB rotation to audit.log.1.
Review ~/.bws/audit.log and ~/.bws/consents.json periodically, and delete or reset the consent ledger if you no longer want previously approved sensitive sites to remain approved.
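An added review script for that periodic check, not part of the skill, assuming a hypothetical layout for the two files since the artifacts only describe them as metadata: consents.json as a JSON object keyed by site host with a package_integrity field, and each audit.log line carrying ts, event, site, mode and package_integrity. It verifies the 0600 mode the documentation promises, tolerates a torn final line in the append-only log, lists sites whose consent was granted for different package bytes than the ones installed now, and resets the ledger. Every record below is constructed.

```python
"""Review and reset the ~/.bws metadata ledger (hypothetical record layout)."""
import json
import os
import stat
import tempfile


def mode_is_private(path: str) -> bool:
    """Both ledger files are documented as mode 0600 (owner read/write only)."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600


def read_jsonl(path: str) -> list[dict]:
    """Parse append-only JSON Lines. An interrupted append leaves a partial
    last line; record it as unparsable instead of discarding the whole file."""
    records = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            try:
                records.append(json.loads(line))
            except json.JSONDecodeError:
                records.append({"_unparsable": line})
    return records


def stale_consents(consents: dict, installed_integrity: str) -> list[str]:
    """Sites whose consent was granted for other package bytes than the ones
    installed now; such approvals should not carry over after a version change."""
    return sorted(site for site, rec in consents.items()
                  if rec.get("package_integrity") != installed_integrity)


def review(bws_dir: str, installed_integrity: str) -> dict:
    consents_path = os.path.join(bws_dir, "consents.json")
    audit_path = os.path.join(bws_dir, "audit.log")
    with open(consents_path, encoding="utf-8") as fh:
        consents = json.load(fh)
    audit = read_jsonl(audit_path)
    return {
        "consents_private": mode_is_private(consents_path),
        "audit_private": mode_is_private(audit_path),
        "approved_sites": sorted(consents),
        "stale_sites": stale_consents(consents, installed_integrity),
        "sensitive_sites": sorted({r.get("site") for r in audit
                                   if r.get("mode") == "sensitive"}),
        "unparsable_lines": sum(1 for r in audit if "_unparsable" in r),
    }


def reset_consents(bws_dir: str) -> None:
    """Forget every per-site approval, keeping the file at 0600."""
    path = os.path.join(bws_dir, "consents.json")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("{}\n")
    os.chmod(path, 0o600)  # O_CREAT keeps an existing file's old mode


def demo() -> dict:
    """Constructed ~/.bws contents: one fresh consent, one stale one, one torn log line."""
    current = "sha512-CURRENT"   # stand-in for the installed package integrity
    previous = "sha512-PREVIOUS"
    consents = {
        "mail.example.test": {"package_integrity": current, "granted": "2026-05-18T10:00:00Z"},
        "shop.example.test": {"package_integrity": previous, "granted": "2026-04-02T09:30:00Z"},
    }
    audit_lines = [
        json.dumps({"ts": "2026-05-18T10:01:03Z", "event": "search", "site": "mail.example.test",
                    "mode": "sensitive", "package_integrity": current}),
        json.dumps({"ts": "2026-05-18T10:01:40Z", "event": "search", "site": "news.example.test",
                    "mode": "public", "package_integrity": current}),
        '{"ts": "2026-05-18T10:02:11Z", "event": "sea',  # torn final append
    ]
    with tempfile.TemporaryDirectory() as bws:
        cp, ap = os.path.join(bws, "consents.json"), os.path.join(bws, "audit.log")
        with open(cp, "w", encoding="utf-8") as fh:
            json.dump(consents, fh)
        os.chmod(cp, 0o644)  # deliberately too permissive so the check fires
        with open(ap, "w", encoding="utf-8") as fh:
            fh.write("\n".join(audit_lines))
        os.chmod(ap, 0o600)
        before = review(bws, current)
        reset_consents(bws)
        after = review(bws, current)
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run review() against the real directory with the integrity of the package you actually installed; a non-empty stale_sites list means consent from an earlier audit is still being honoured, which is the case where resetting the ledger is the right call.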
