ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto-AI Web Bridge

Skill per generare codice e immagini tramite interfaccia web di Claude AI e Gemini quando le API non sono disponibili. Si attiva automaticamente quando l'ute...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 363 · 2 current installs · 3 all-time installs
by@metiu1
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The described goal (use Claude/Gemini web interfaces when APIs are unavailable) matches the instructions to navigate sites and submit prompts. However, the skill requires the agent to prompt for and store third-party login credentials and to write files into a specific home path (/home/rasberry/...), while the skill declares no required config paths, binaries, or credentials — this mismatch is disproportionate and unexplained.
!
Instruction Scope
SKILL.md explicitly tells the agent to ask users for site credentials, attempt logins, and "save credentials in modo sicuro." It also instructs downloading files to a particular filesystem path and interacting with CAPTCHAs via GUI/manual steps. Those actions involve sensitive data handling and persistent filesystem access beyond a simple prompt/response workflow.
Install Mechanism
There is no install spec (instruction-only), which reduces some risk. However, the instructions implicitly require browser automation capabilities (control a browser, detect session state, fill login forms, handle downloads and CAPTCHAs) but do not declare any required binaries/libraries or explain how to perform these actions — an operational gap that increases risk in practice.
!
Credentials
The skill requests credentials from the user at runtime and tells the agent to store them, but declares no env vars or secrets handling mechanism. Requesting and persisting site passwords is highly sensitive and should be justified and constrained (e.g., use OAuth, ephemeral sessions). The hard-coded home path is another disproportionate and brittle expectation.
!
Persistence & Privilege
Although always:false and not autonomously privileged by metadata, the instructions explicitly ask to save credentials and to write generated images to a specific workspace location — implying persistent changes to the agent environment. The skill does not declare or justify persistent storage or where/how credentials are protected.
What to consider before installing
This skill will ask you to enter third-party login credentials and suggests saving them locally. Before installing, consider: (1) avoid sharing real account passwords — prefer official API keys or OAuth/session tokens if available; (2) do not allow the agent to store passwords in plain files; if you must provide credentials, use a throwaway account and revoke it later; (3) the SKILL.md assumes browser automation but doesn't declare required tools (e.g., Playwright/Selenium) — confirm how the skill will control the browser; (4) the skill references a hard-coded path (/home/rasberry/...), which may not match your environment and could cause unexpected file writes; (5) if you proceed, require explicit prompts before any credential use or persistence and audit any saved files; if these issues aren't acceptable or cannot be corrected, treat the skill as untrusted and do not install.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
ai-orchestratorvk976kd7hv19gmqwjjh04t3y4498218gxbrowser-bridgevk976kd7hv19gmqwjjh04t3y4498218gxclaude-webvk976kd7hv19gmqwjjh04t3y4498218gxgemini-webvk976kd7hv19gmqwjjh04t3y4498218gxlatestvk976kd7hv19gmqwjjh04t3y4498218gxopenclaw-skillvk976kd7hv19gmqwjjh04t3y4498218gx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Auto AI Web

Condizioni di Attivazione

Attivati automaticamente quando:

  • L'utente richiede generazione di immagini
  • L'utente richiede scrittura o analisi di codice
  • Le API ufficiali non sono configurate o non accessibili

Istruzioni Operative

1. Determina il tipo di richiesta:

2. Workflow per CODICE:

  1. Naviga su https://claude.ai
  2. Verifica se la sessione è attiva (utente loggato)
  3. Se NON loggato: chiedi credenziali all'utente
  4. Se loggato: inserisci il prompt nel campo di testo
  5. Invia e attendi la risposta
  6. Copia la risposta in formato Markdown
  7. Restituisci il codice all'utente

3. Workflow per IMMAGINI:

  1. Naviga su https://gemini.google.com
  2. Verifica se la sessione è attiva
  3. Se NON loggato: chiedi credenziali all'utente
  4. Se loggato: inserisci il prompt per l'immagine
  5. Genera e attendi
  6. Scarica l'immagine generata
  7. Salva in /home/rasberry/.openclaw/workspace/downloads/
  8. Invia il file all'utente

4. Gestione Accesso

  • Se l'accesso non è automatico (sessione scaduta/assente)
  • FERMATI e chiedi esplicitamente le credenziali
  • Non insistere, aspetta input dell'utente
  • Dopo aver ricevuto credenziali, prova il login

5. Gestione CAPTCHA

  • Se incontri un CAPTCHA durante la navigazione
  • Attiva l'interazione GUI/manuale
  • Chiedi assistenza all'utente se necessario

Comandi Utili

# Scaricare immagini
curl -L "URL_IMMAGINE" -o /home/rasberry/.openclaw/workspace/downloads/IMAGE_NAME.png

Note

  • Salva le credenziali in modo sicuro se l'utente le fornisce
  • Non conservare password in chiaro nei file di configurazione
  • Se il servizio è inaccessibile, informa l'utente e proponi alternative

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…