Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

chrome-cdp-controller

v1.0.0

Control local Chrome browser via Chrome DevTools Protocol (CDP) using Puppeteer. Use when you need to automate browser tasks like navigating pages, clicking...

by xiaoxiaoxi@hanxiaolin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
View report →
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: the package depends on puppeteer-core, the SKILL.md explains connecting to a local CDP WebSocket, and scripts/cdp_controller.js implements navigation, interaction, evaluation, uploads, screenshots and network interception as described. No extraneous credentials, binaries, or unrelated services are required.
Instruction Scope
Instructions stay within browser automation scope, but include functionality that can access local files (upload() verifies filesystem paths; the 'evaluate' command supports executing JS from a file by reading it from disk) and capture network responses (start_intercept -> in-memory storage retrievable via get_intercepted). Those capabilities are expected for this tool but can be abused to exfiltrate sensitive data if untrusted command files or commands are executed. SKILL.md also instructs starting Chrome with remote debugging on localhost (expected).
Install Mechanism
No registry install spec in the metadata; the project is instruction-only but includes a package.json and expects the user to run `npm install` which will fetch puppeteer-core from the npm registry. Dependencies resolve to normal npm packages and no ad-hoc download URLs or archive extraction from untrusted hosts are present.
Credentials
The skill requests no environment variables or external credentials. It connects to a user-provided local CDP WebSocket URL only. Note: the code can read local file paths supplied as command parameters (for upload and evaluate-from-file), so sensitive files on disk could be accessed if commands include them.
Persistence & Privilege
Skill is not always-enabled, does not request persistent platform-level privileges, and does not modify other skills or global agent configuration. It is run on-demand and requires an explicit WebSocket URL to connect to the browser.
Assessment
This skill appears to be what it says: a Puppeteer-based controller for a local Chrome instance. Before installing or running it, consider these precautions:
- Only connect it to browsers you control. Running Chrome with remote debugging exposes a WebSocket that this tool will use; ensure the debugging port is bound to localhost and not reachable by others.
- Audit any commands/JSON files you pass to the script. Commands can (a) upload local files you specify, (b) read and execute JavaScript files from disk (evaluate with file), and (c) capture network responses, all of which can be used to leak sensitive data if the commands are untrusted.
- Run the controller against a dedicated browser profile or an isolated/testing profile when automating sites that require credentials or when testing untrusted scripts.
- npm install will pull puppeteer-core and standard npm dependencies; use usual supply-chain hygiene (up-to-date Node, verify package source) if you're concerned about third-party dependency risks.
- If you need higher assurance, review scripts/cdp_controller.js locally (it was included and implements the documented features) and avoid executing command files received from untrusted sources.
scripts/cdp_controller.js:167
Dynamic code execution detected.
scripts/cdp_controller.js:278
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.



