Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Selenium Browser
v1.0.0Start a Selenium‑controlled Chrome browser, open a URL, take a screenshot, and report progress. Supports headless mode and optional proxy.
⭐ 0· 581·8 current·8 all-time
byAndrei Bespalov@andreybespalov89
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (launch Chrome via Selenium, capture a screenshot, return the saved path) is reasonable. However the SKILL.md and the actual scripts disagree: SKILL.md includes a script that saves a screenshot and prints a JSON-like dict, but the file manifest's launch_browser.py opens the page and then loops forever without taking or saving a screenshot. SKILL.md also promises saving to /home/main/clawd/diffusion_pdfs/, which is not used by the bundled scripts. These inconsistencies indicate the package is not internally coherent with its stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the Python script and parse stdout as JSON. The embedded script in SKILL.md prints a Python dict (not serialized JSON) and the actual file on disk does not print or return the expected JSON and instead blocks in an infinite loop. The mismatch could cause the agent to hang, mis-parse output, or never receive a screenshot path. The instructions also reference a fixed save path in SKILL.md that is not present in the real script.
Install Mechanism
There is no automated install spec—this is instruction-only with bundled scripts and a recommendation to pip install selenium. No remote downloads or archive extractions are present in the package itself, so install risk is low, assuming the operator runs the recommended pip command from a trusted environment.
Credentials
The skill requests no credentials and only optionally uses CHROME_BIN and CHROMEDRIVER_PATH env vars (reasonable). It supports an optional proxy. However SKILL.md's hardcoded save path (/home/main/clawd/diffusion_pdfs/) is unexpected and unrelated to the skill's basic function; the bundled scripts do not reliably respect or expose a configurable, safe output path. That fixed-path claim is disproportionate and should be clarified or removed.
Persistence & Privilege
The registry flags are normal (not always:true). But the bundled script in the manifest enters an indefinite while-true sleep loop, relying on an external KeyboardInterrupt or 'terminate' to exit; that behavior can leave the agent waiting and consume resources. This persistence is not expressed in SKILL.md and should be addressed (timeouts or explicit termination protocol).
What to consider before installing
Do not install or run this skill as-is. Key concerns: (1) The SKILL.md, the script embedded in SKILL.md, and the actual scripts on disk disagree: one version takes and reports a screenshot, another never takes a screenshot and loops forever. (2) SKILL.md says the skill returns JSON, but the embedded script prints a Python dict (not serialized JSON) and the on-disk script prints nothing — the agent will likely fail to parse results. (3) SKILL.md promises a hardcoded save path (/home/main/clawd/diffusion_pdfs/) that isn't implemented; confirm where files will be written and make that path configurable. Actions you should take before using this skill: inspect and reconcile the actual scripts (which file will be executed), require the executable to output valid JSON, add a timeout or controlled termination instead of an infinite loop, ensure screenshots are written to a safe, configurable directory, run the skill in an isolated container or sandbox with limited permissions, and test with non-sensitive URLs. Also prefer a publisher-provided homepage or source repository (currently missing) and ask the author to fix the inconsistencies and provide a clear termination/protocol for the process. If you cannot validate and fix these issues, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk971t3q7esqzc5h78x8x9qqvvh81z8j1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.