Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Grok Browser
v1.0.0
Query Grok AI via browser automation. Use when you need to ask Grok questions, get AI responses, or use Grok's DeepSearch/Think features. Copies response tex...
by Eason Chen (@easonc13)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The name/description align with the instructions: it automates Chrome to query Grok and copy responses. However the SKILL.md contains macOS-specific commands (open, pbpaste), a hardcoded user path (/Users/eason/clawd/scripts/attach-browser-relay.sh), and an explicit 'never profile=clawd' note — suggesting the author built it for a single developer environment rather than a generic skill.
Instruction Scope
Instructions explicitly tell the agent to execute a local attach script at a fixed path and to read the system clipboard (pbpaste). They also instruct avoiding the agent's profile, which may be an attempt to bypass sandboxing. Executing an arbitrary local script and reading clipboard contents go beyond simply driving a web UI and can exfiltrate or run arbitrary local code.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is written to disk by the skill package itself. The scanner had no artifacts to analyze.
Credentials
The skill declares no credentials/env vars, which is appropriate, but its runtime instructions require access to a user-local script and the system clipboard. Those are sensitive resources not strictly necessary for a portable automation recipe and are disproportionate unless you explicitly control and inspect the local script.
Persistence & Privilege
always is false and there is no install or self-modification. The skill does not request permanent presence or modify other skills. The main privilege risk is runtime (executing local script / reading clipboard), not persistence.
What to consider before installing
This skill will drive your Chrome session to query Grok, but it asks you (in practice) to run a specific local script and to read the clipboard. Before installing or using it:
1) Inspect the file /Users/eason/clawd/scripts/attach-browser-relay.sh (or any attach script you are asked to run); don't run it unless you trust its contents.
2) Be cautious about pbpaste/clipboard reads — your clipboard can contain passwords or tokens.
3) Consider adapting the instructions to a path and profile on your machine instead of the hardcoded /Users/eason/... path.
4) Confirm what the 'Browser Relay' extension does and that it comes from a trusted publisher.
5) Avoid using this skill on shared or production machines; if you must test, do so in an isolated environment.
If you cannot verify the attach script and extension, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
