Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chromium
v1.1.0Launch a persistent headless Chromium with remote debugging (CDP) for browser automation — page navigation, clicks, form filling, screenshots, and cookie imp...
⭐ 0· 0·0 current·0 all-time
by@redf426
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The skill's name, README, SKILL.md and scripts align with the stated purpose: launching a persistent headless Chromium and importing cookies for pre-authenticated sessions. However, the cookie import implementation requires access to the OpenClaw gateway token (read from ~/.openclaw/openclaw.json) and to a local browser-control port — a capability not declared in the registry metadata (no required config paths or primary credential listed). This is proportionate to cookie import but is not documented in metadata.
Instruction Scope
SKILL.md tells operators to run the included start_chromium.sh and import_cookies.py. The import script reads ~/.openclaw/openclaw.json to obtain the gateway auth token and then POSTs cookies to a local browser-control endpoint (127.0.0.1:<port>). The start script also kills previous browser processes by pattern, removes a SingletonLock file, and launches Chromium with flags including --no-sandbox. These actions go beyond a simple 'launch browser' instruction surface because they read a local config file containing an auth token and manipulate processes/files — important runtime behaviors that are not reflected in the top-level requirements.
Install Mechanism
This is an instruction-only skill with bundled scripts (no install spec). That keeps disk write risk low and makes the install mechanism low-risk. The included scripts will be executed locally when you follow the README/SKILL.md instructions.
Credentials
Registry metadata declares no required env vars or credentials, but the code reads OPENCLAW_GATEWAY_PORT (env) and, crucially, ~/.openclaw/openclaw.json to extract a gateway auth token. Accessing another component's auth token is sensitive. While reading the gateway token is functionally necessary for the cookie-import flow, it's a credential access that should be declared (primaryEnv/config path) and highlighted to users.
Persistence & Privilege
The skill is not marked always:true and does not modify other skills' configuration. It creates/uses a persistent browser profile directory and suggests optional autorun via a user cron entry, which is normal for this sort of tool. The start script removes a stale lock file and kills previous instances of Chromium launched with that profile — operations scoped to the profile.
What to consider before installing
This skill appears to implement the advertised functionality, but be aware it will read your OpenClaw gateway token from ~/.openclaw/openclaw.json and use it to POST cookies to a local browser-control endpoint. That credential access is not declared in the registry metadata. Before installing or running it: (1) review the two bundled scripts (start_chromium.sh and import_cookies.py) yourself, (2) run the cookie importer with --dry-run first, (3) consider running Chromium in an isolated VM or container (the script launches with --no-sandbox), and (4) ask the skill author to document required config paths/env vars (OPENCLAW_GATEWAY_PORT, gateway token, Python3, Chromium binary) so you can make an informed trust decision.Like a lobster shell, security has layers — review code before you run it.
latestvk975r7w7wx2sgppmx04s568rws84d32c
License
MIT-0
Free to use, modify, and redistribute. No attribution required.