ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Browserless Agent

v0.1.0

Professional web automation with headless browser - navigate, scrape, automate, test, and interact with any website.

0· 1.7k·1 current·1 all-time
by@raff-lima
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the code implements navigation, scraping, screenshots, PDF, file upload, evaluate (JS), storage/cookie management and other Playwright-based actions. The required env var (BROWSERLESS_URL) and optional token align with connecting to a Browserless service.
Instruction Scope
SKILL.md and code are scoped to browser automation and do not instruct the agent to read unrelated host files or arbitrary environment variables. However the skill exposes powerful capabilities that are expected for this domain: evaluate (execute arbitrary JS in page context) and upload_file (reads local file paths to attach to page inputs) and functions that write screenshots/PDFs to disk. These features can be used to exfiltrate or capture sensitive content if misused or if the configured Browserless endpoint has access to internal systems.
Install Mechanism
No automated install spec is provided (instruction-only install), dependencies are minimal (requirements.txt contains 'playwright'). The README asks the operator to run pip install and playwright install manually; nothing is downloaded from untrusted URLs or executed automatically by the registry.
Credentials
Only BROWSERLESS_URL (required) and BROWSERLESS_TOKEN (optional) are requested. That is proportional for a WebSocket-based browserless client. Small inconsistency across files: some docs/changelog references BROWSERLESS_WS in a couple places while most use BROWSERLESS_URL — a documentation inconsistency but not a secret-excess issue.
Persistence & Privilege
Skill is not marked always:true and does not request persistent elevated privileges or modify other skills. It can be invoked autonomously (default), which is normal; consider this in threat modelling because autonomous agents with web-automation capability can interact with internal services if configured.
Assessment
This skill appears to implement what it claims, but be aware of operational risks before enabling it: 1) Only configure BROWSERLESS_URL to a Browserless endpoint you trust (don't point it at a host that gives broad internal-network access unless you intend that). 2) Keep BROWSERLESS_TOKEN secret in OpenClaw secret storage. 3) The skill can execute arbitrary JavaScript in visited pages and can upload local files (upload_file), take screenshots, and write PDFs — those can leak sensitive data if an agent is instructed to interact with internal sites or local files. 4) There are minor docs inconsistencies (BROWSERLESS_WS vs BROWSERLESS_URL) — confirm which env var you will set. 5) If you plan to allow autonomous agent invocation, consider limiting the skill's usage scope or monitoring actions to reduce the blast radius. If you want, review main.py (provided) or run tests locally (python tests/test_browserless.py) against a controlled Browserless instance before enabling in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk972a5wp4ptvwgy2c3387gjyq980md3c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis
EnvBROWSERLESS_URL
Primary envBROWSERLESS_URL

Comments