Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
web-access-openclaw
v1.0.0所有联网操作必须通过此 skill 处理,包括:搜索、网页抓取、登录后操作、网络交互等。 触发场景:用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容(小红书、微博、推特等)、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。
⭐ 1· 714·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (browser-backed web access, login-capable scraping and interaction) aligns with the included scripts and SKILL.md. The skill implements a local CDP proxy exposing endpoints to create background tabs, eval arbitrary JS, click, scroll, screenshot, and set file inputs — all coherent with the stated purpose.
Instruction Scope
Runtime instructions and bundled scripts read local Chrome debug info (DevToolsActivePort files), probe local TCP ports, start a local HTTP server (default localhost:3456), and instruct the agent to execute arbitrary JS inside pages via /eval. /setFiles lets the skill set local file paths into page file inputs (causes browser to upload files). These actions access local system state and user browser session data (cookies, auth), which is necessary for the skill's purpose but also expands the sensitive surface — the manifest did not declare local config path access even though the scripts read user paths.
Install Mechanism
No remote download/install step: this is an instruction + code bundle included in the skill. There are no external installers or arbitrary remote URLs being fetched at install time. The check-deps script may start a detached local Node process (cdp-proxy) and writes logs to the temp dir, which is expected for this functionality.
Credentials
The registry shows no required env vars or credentials, but runtime uses optional env vars (e.g., CDP_PROXY_PORT) and relies on the user's Chrome session (accessed via local DevTools/debug port). While this is functionally necessary, it effectively gives the skill access to logged-in site state and local browser resources — a high-privilege capability that is not expressed as explicit required credentials in the metadata.
Persistence & Privilege
The skill starts a detached, persistent local proxy process that keeps running and listens on localhost. always:false (not force-included) and disable-model-invocation:false (agent can call it autonomously). Autonomous invocation combined with the proxy's privileged access to browser sessions increases blast radius — the skill itself does not modify other skills or system-wide settings.
What to consider before installing
This skill appears to do what it claims (control your local Chrome to fetch/login/operate pages) but it grants powerful access: it connects to your real browser profile (so it can see logged-in sessions, cookies, pages), can run arbitrary JavaScript in page contexts, trigger uploads via local file paths, and runs a background HTTP proxy on your machine. Before installing or enabling it: 1) Verify the source: confirm the upstream GitHub repo and that the packaged files match the official project (the registry shows source unknown). 2) Review the cdp-proxy.mjs and check-deps.mjs code yourself (or have a trusted reviewer) — the code runs locally and exposes /eval which can read sensitive DOM data. 3) Restrict usage: prefer manual invocation and require explicit user confirmation for any write actions (posts, uploads, deletes); consider disabling autonomous invocation if you don't want the agent to call the skill without explicit prompts. 4) Run with an isolated Chrome profile (no sensitive logins) if you must use it, or only enable when needed; stop the proxy process when finished (or monitor localhost:3456 and the proxy log file). 5) If you cannot verify the package source or code, avoid installing or grant it minimal access (use a throwaway browser profile).scripts/check-deps.mjs:98
Shell command execution detected (child_process).
scripts/check-deps.mjs:13
Environment variable access combined with network send.
scripts/check-deps.mjs:69
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
browservk97f408zwd2zs10nv7e8rk6bdd83y29vcdpvk97f408zwd2zs10nv7e8rk6bdd83y29vlatestvk97f408zwd2zs10nv7e8rk6bdd83y29vopenclawvk97f408zwd2zs10nv7e8rk6bdd83y29vwebvk97f408zwd2zs10nv7e8rk6bdd83y29v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.