ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browser Automation V2

Enterprise-grade browser automation with automatic tab cleanup, timeout retries, concurrency lock, smart waiting, and configurable environment settings.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 1.2k · 6 current installs · 6 all-time installs
byBoda Fu@BodaFu
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the code: the files implement an OpenClaw CLI-driven browser manager and helpers (search, fetch, multi-page, form fill). No unrelated credentials or services are requested.
!
Instruction Scope
Runtime instructions and scripts call the OpenClaw CLI to control a browser (expected). However many commands are built by interpolating user-supplied data (URLs, JSON field values, refs) into shell command strings passed to exec — this can allow shell/command injection if inputs are untrusted. The SKILL.md suggests running the scripts directly and setting env vars but does not warn about sanitizing inputs.
Install Mechanism
No install/download step; the skill is instruction+code only. Nothing is fetched from external URLs or installed automatically.
Credentials
The skill declares no required secrets or config paths. It uses optional environment variables for profile/timeout/retries which are proportional to a browser automation tool.
Persistence & Privilege
always is false, the skill doesn't request permanent platform-level presence or modify other skills. It writes lock files under /tmp for concurrency control (expected).
What to consider before installing
This skill appears to do what it says, but exercise caution before installing or running it on sensitive systems. Key concerns and recommendations: - Command-injection risk: the code builds shell commands with user-controlled values (URLs and form values) and calls child_process.exec. If you pass untrusted input, an attacker could inject shell operators. Prefer running these scripts only with trusted inputs, review and/or modify the code to use execFile/spawn with argument arrays or properly escape inputs. - Run in isolation: test in a contained environment (dedicated VM/container, limited privileges) and avoid running with sensitive environment variables or on production hosts until you audit it. - Audit the OpenClaw CLI: the scripts rely entirely on the local `openclaw` CLI/gateway — ensure that binary is from a trusted source and behaves safely when given arguments. - Small bugs: there are minor implementation issues (e.g., fallbackToBrowser references exec without a local import) — expect some rough edges. If you need lower risk, ask the author to sanitize/escape all external inputs before interpolation (or switch to spawn/execFile with args arrays) and to add input-validation and explicit warnings in the SKILL.md. If you cannot audit/modify the code, avoid running it with untrusted inputs or on systems with sensitive data.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2.0.0
Download zip
latestvk9754nf6xvzvxm2rvd0k54grp5818nf9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Browser Automation v2

Enterprise-grade browser automation for OpenClaw with robust resource management.

Features

  • Automatic tab cleanup - No more tab accumulation
  • Timeout & retry - Exponential backoff on network errors
  • Smart waiting - waitForLoadState, waitForSelector
  • Concurrency lock - Prevents profile conflicts
  • Structured logging - DEBUG=1 for verbose output
  • Configurable - Environment variables for timeout, retries, profile

Files

  • browser-manager.v2.js - Core manager class
  • search-google.js - Google search with screenshot + PDF
  • fetch-summary.js - Fetch page content (static or dynamic)
  • multi-pages.js - Batch process multiple URLs
  • fill-form.js - Auto-fill forms by field names

Usage

# Set environment (optional)
export BROWSER_PROFILE=openclaw
export BROWSER_TIMEOUT=30000
export BROWSER_RETRIES=2
export DEBUG=1

cd ~/.openclaw/workspace/skills/browser-automation-v2

# Search Google
node search-google.js "OpenClaw automation"

# Batch process
node multi-pages.js "https://example.com" "https://github.com"

# Fill form
node fill-form.js "https://example.com/form" '{"email":"test@xx.com"}'

Integration

Register as OpenClaw skill:

openclaw skills install ~/.openclaw/workspace/skills/browser-automation-v2

Or call directly from agent:

run search-google.js "query"

Requirements

  • OpenClaw v2026.2.15+
  • Browser profile configured (default: openclaw)
  • Gateway running

Troubleshooting

  • Timeout errors: Increase BROWSER_TIMEOUT
  • Profile locked: Wait for other instance to finish
  • Element not found: Use snapshot --format ai to debug refs

Created: 2026-02-16 Version: 2.0.0 License: MIT

Files

6 total
Select a file
Select a file to preview.

Comments

Loading comments…