ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Selenium Automation

v0.1.1

Teaches the agent how to perform advanced web automation using Python, Selenium WebDriver, and ChromeDriver.

0· 1k·8 current·9 all-time
by@gg-erick
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the instructions: SKILL.md teaches Python + Selenium usage and lists the expected system/python dependencies (python3, chromedriver, google-chrome, selenium). The frontmatter permission requirements (exec, write) align with a skill that writes scripts and may run them after user approval.
Instruction Scope
The runtime instructions stay on-topic (creating scripts, navigation, screenshots, JS execution, closing the browser). The SKILL.md explicitly instructs the agent NOT to run scripts without user approval and to only use exec after explicit consent — a deliberate safety measure. One notable capability: examples include driver.execute_script (JavaScript injection) which is a normal automation tool but can be used to read/modify page DOM and could be misused to collect or exfiltrate sensitive page data if a generated script sends that data elsewhere; the skill itself does not instruct exfiltration.
Install Mechanism
This is an instruction-only skill; the only install guidance inside the frontmatter is a pip install selenium line. There are no downloads from arbitrary URLs or archive extraction. The skill assumes the user or environment supplies Chrome/ChromeDriver; it does not attempt to fetch them itself.
Credentials
The skill requests no environment variables or external credentials. It does request exec and write permissions (to create and optionally run scripts), which are proportionate for a tool that generates and executes automation scripts.
Persistence & Privilege
always is false and the skill is user-invocable. The skill's required capabilities (exec, write) allow writing and running scripts but it does not request elevated persistent presence or modify other skills or system-wide configuration. Autonomous invocation is possible per platform defaults, but there are no additional privileges requested that would materially increase risk.
Assessment
This skill appears internally consistent and focused on Selenium-based browser automation, but take these precautions before installing or using it: 1) Review any Python script the agent generates before granting permission to run it — the SKILL.md correctly requires explicit approval. 2) Do not provide site credentials, API keys, or other secrets to the agent unless you trust the execution environment; automated scripts can access any page content and could capture sensitive data. 3) Ensure Chrome and ChromeDriver are installed from trusted sources (package manager or official releases). 4) If your platform allows restricting skill capabilities, consider limiting exec/write or requiring manual approval for execution to enforce the SKILL.md rule. 5) Run generated scripts in an isolated environment (VM/container) if they will browse untrusted sites. If you want a deeper check, provide a sample generated script and the platform policies for exec/write so I can verify the script matches the stated safeguards.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d439ph378z3ymsp3bx9a789827xzw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🌐 Clawdis

Comments