ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Use Browser (Scrape leads, like, post on socials or perform actions on the web)

v1.0.0

Automates browser interactions for social media management across Instagram, LinkedIn, and X. Handles posting, DMs, connection requests, lead scraping, and m...

1· 506·3 current·3 all-time
by@mathiasthu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
SKILL.md describes a browser-automation CLI ('browser-use') for Instagram/LinkedIn/X which is coherent with the declared purpose. However, the skill frontmatter (metadata.openclaw) requires the 'browser-use' binary while the registry metadata shows 'Required binaries: none' — a clear inconsistency. If the binary is genuinely required, it should be declared and an install mechanism provided or documented.
!
Instruction Scope
Instructions allow scraping profiles/leads and sending DMs/connection requests without confirmation and assume pre-authenticated, persistent sessions on an 'isolated VM'. The doc enforces a domain allowlist and blocks local/cloud-metadata ranges (good), but it does not state where scraped data, cookies, or session state are stored/transmitted, nor how long persistence lasts. Lack of guidance on data retention/exfiltration and the permission to act autonomously on messaging/connection requests are scope concerns.
!
Install Mechanism
There is no install spec (instruction-only), but the CLI 'browser-use' is required by the SKILL.md. The README links to a GitHub repo, but the skill provides no explicit install steps or vetted source for the binary. This gap makes it unclear who provides/maintains the executable and increases risk if the binary must be fetched manually.
Credentials
The skill declares no required environment variables or credentials, which aligns with the claim that sessions are pre-authenticated manually. However, persistent cookies/session storage are implied but not described (location, encryption, access controls), so sensitive authentication material may persist outside the user's control. No unrelated credentials are requested.
!
Persistence & Privilege
always is false and the skill is user-invocable, which is appropriate. However, because the agent is allowed to reuse persistent authenticated sessions and perform high-impact actions (send DMs, connection requests, posting, scraping) without confirmation, autonomous invocation could have a large blast radius. The skill lacks safer defaults (e.g., require confirmation for messaging by default), increasing risk.
What to consider before installing
Before installing, verify the source and installation method for the required 'browser-use' binary (the SKILL.md expects it but the registry metadata doesn't declare it). Inspect the GitHub repo and ensure you trust the binary provider and release artifacts. Confirm how and where session cookies/login state are stored on the VM, who can access them, and how long they persist — if possible, require ephemeral sessions or explicit user confirmation for sensitive actions. Consider restricting autonomous actions (require confirmation for sending messages/connection requests by default) and double-check the domain allowlist. If you plan to use production accounts, run this on a tightly isolated VM and avoid using high-value credentials until you understand the binary and storage behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fa3z5zqxfmqsrj75w142zgd81ynpz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments