ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chrome CDP Browser Operator

v1.0.0

windows-friendly chrome automation through an existing Chrome profile via CDP, with human-like mouse and keyboard input, browser attachment checks, page navi...

0· 83·0 current·0 all-time
byUgurInanc@ugurinanc12

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ugurinanc12/chrome-cdp-browser-operator.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Chrome CDP Browser Operator" (ugurinanc12/chrome-cdp-browser-operator) from ClawHub.
Skill page: https://clawhub.ai/ugurinanc12/chrome-cdp-browser-operator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install chrome-cdp-browser-operator

ClawHub CLI

Package manager switcher

npx clawhub@latest install chrome-cdp-browser-operator
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Chrome CDP automation, human-like input, checks, navigation, drafting) match the included files: browser_operator.py (Playwright-based CDP attachment, fallback launch, human-like interactions, scraping and draft/reply workflows) and an installer that writes a config and PowerShell starter. Reusing an existing Chrome profile and Playwright are expected capabilities for this purpose.
Instruction Scope
SKILL.md instructs attaching to chrome://127.0.0.1:9222 and running the provided scripts — consistent with code. The runtime code will read/write local config, state, and outputs, navigate pages, extract contact info (emails/phones), and can post or prepare public replies. These behaviors are within the claimed scope but mean the skill will access the logged-in browser profile and local workspace files (state/output), so review what profile is attached and what data might be scraped before use.
Install Mechanism
No external download/install spec is included; the package is instruction+script only. requirements.txt lists 'playwright' and the code instructs the user to pip install it and optionally run Playwright's browser install — this is reasonable and expected for Playwright-based automation. There are no suspicious remote URLs or archive extracts present.
Credentials
The skill declares no required environment variables or credentials. The install script optionally records Telegram notification targets/accounts in the generated config; when enabled the code will call an 'openclaw message send' subprocess to forward notifications. That optional notification pathway can transmit scraped content (contacts or drafts) to an external channel, so the capability is proportionate to the advertised notification feature but requires user caution.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and writes only its own config/state/output files under a user-provided workspace. It requires access to a Chrome user-data directory when using the fallback or to an already-running profile via CDP; that is necessary for its stated purpose but is a privilege the user should limit to a dedicated profile.
Assessment
This skill is coherent with its description, but take these precautions before installing or running: 1) Run it only with a dedicated Chrome profile (do not attach your personal/work browsers) because it will use whatever logged-in session the profile contains. 2) Review and set the generated config (workspace/config) — especially 'telegram' notification fields — to avoid unintentionally sending scraped data to external channels. 3) If you don't want outbound notifications, leave 'telegram' disabled. 4) Inspect the code (browser_operator.py) yourself and test in an isolated environment; Playwright will need to be installed and may download browser binaries. 5) Prefer draft mode and review outputs before enabling automatic apply/reply modes. If you want additional assurance, provide the author/source or run the scripts in a locked-down VM.

Like a lobster shell, security has layers — review code before you run it.

latestvk972mrq1pw83z5jrt0yp67gc2h8596yn
83downloads
0stars
1versions
Updated 6d ago
v1.0.0
MIT-0
UgurInanc@ugurinanc12
latest
Download

Chrome CDP Browser Operator

Use this skill when a real browser session is required and the browser is already open through a dedicated Chrome profile.

Core resources

  • scripts/browser_operator.py attaches to Chrome over CDP, falls back to a local launch when configured, can navigate X, draft guarded replies, and emit notifications.
  • scripts/install_chrome_cdp_browser_operator.py writes a Windows config plus starter scripts.
  • references/cdp-setup.md explains the intended Chrome profile and port setup.

Workflow

  1. Launch Chrome with the dedicated profile and remote debugging enabled.
  2. Run browser_operator.py check to verify that CDP attachment works.
  3. Run browser_operator.py search or run-cycle in draft mode first.
  4. Review the draft bundle before enabling apply mode.
  5. Keep notifications optional and low-noise.

Rules

  • Use the browser skill for real browser presence, not spam or deceptive mass outreach.
  • Keep public replies low volume and reviewable.
  • Prefer draft mode for new workflows.
  • If CDP becomes flaky, use the built-in launch fallback instead of rewriting the whole operator.

Comments

Loading comments...