ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

upload-file

v1.0.0

MUST be used for any browser file upload task. Provides reliable, step-by-step automation for uploading files via agent-browser CLI. Includes strict executio...

0· 37·0 current·0 all-time
by@m1ss-cell
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, SKILL.md and included Python script all target browser file uploads via the agent-browser CLI — that's coherent. However, the package metadata lists no required binaries while both the instructions and the script rely on an 'agent-browser' binary being on PATH. Also SKILL.md references 'scripts/upload_file.py' but the provided file is 'scripts/upload.py' (filename mismatch) which will break the recommended Python mode.
Instruction Scope
SKILL.md gives concrete step-by-step agent-browser commands (open, wait, find, upload, snapshot) which are in-scope for upload tasks. But the instructions/implementation call 'agent-browser snapshot' several times (fallback and verification). Snapshots capture page content and could include sensitive data (file names, page text, form fields). The skill instructs snapshots on failures and during verification by default, increasing risk of unintended data capture.
Install Mechanism
No install spec (instruction-only plus a script) — low installation risk because nothing is downloaded or written by an installer. The included script will run externally; there is no package fetching or archive extraction.
!
Credentials
The metadata declares no required env vars, but the script reads OPENCLAW_WORKSPACE (with a default) to resolve 'workspace/...' paths. That environment variable is not documented in requires.env. The script also prints command lines and resolved paths to stdout; that may leak file paths or workspace locations into logs. No credentials are requested, but the undeclared env usage and potential log exposure are disproportionate to what the metadata claims.
Persistence & Privilege
always is false and the skill does not request or perform system-wide persistent changes. It does not modify other skills or agent config. Autonomous invocation remains possible (default) but is not a unique risk here.
What to consider before installing
This skill appears to implement browser file uploads, but don't install blindy. Check and fix the obvious mismatches first: ensure 'agent-browser' is available on the agent PATH (the skill assumes it but metadata doesn't declare it), and note SKILL.md references 'scripts/upload_file.py' while the included file is 'scripts/upload.py' — that will break the recommended Python usage. Confirm whether OPENCLAW_WORKSPACE is used in your environment (the script will read it if present) or adjust the code to avoid implicitly reading an undocumented env var. Be aware that the skill takes page snapshots during verification/fallback; snapshots can include sensitive page content (file names, form data). If you will use this on pages with confidential data, require explicit approval or remove automatic snapshots. Finally, test the skill in a safe sandbox first, review logs for unexpected output, and only grant agent autonomous use if you trust it to run these commands and handle snapshots.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a7g70a2hr0amc9z996g099184pd25

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments