Browser Automation V2

This skill appears to do what it says, but exercise caution before installing or running it on sensitive systems. Key concerns and recommendations: - Command-injection risk: the code builds shell commands with user-controlled values (URLs and form values) and calls child_process.exec. If you pass untrusted input, an attacker could inject shell operators. Prefer running these scripts only with trusted inputs, review and/or modify the code to use execFile/spawn with argument arrays or properly escape inputs. - Run in isolation: test in a contained environment (dedicated VM/container, limited privileges) and avoid running with sensitive environment variables or on production hosts until you audit it. - Audit the OpenClaw CLI: the scripts rely entirely on the local `openclaw` CLI/gateway — ensure that binary is from a trusted source and behaves safely when given arguments. - Small bugs: there are minor implementation issues (e.g., fallbackToBrowser references exec without a local import) — expect some rough edges. If you need lower risk, ask the author to sanitize/escape all external inputs before interpolation (or switch to spawn/execFile with args arrays) and to add input-validation and explicit warnings in the SKILL.md. If you cannot audit/modify the code, avoid running it with untrusted inputs or on systems with sensitive data.