Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Web Pilot
v1.0.0
Search the web and read page contents without API keys. Use when you need to search via DuckDuckGo/Brave/Google (multi-page), extract readable text from URLs...
⭐ 1 · 7.9k · 103 current · 109 all-time
by Liran Udi (@liranudi)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidence

Purpose & Capability
Name/description match the actual code and scripts: search scrapers, Playwright-based page reader, persistent browser session, and file downloader. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the scripts line up: they open arbitrary URLs, run JS in page contexts (EXTRACT_JS, COOKIE_DISMISS_JS), auto-dismiss cookie banners, click/fill/execute JS, and download files. These behaviors are expected for a browsing/automation tool, but they give the agent capability to interact with pages (including clicking consent buttons and executing arbitrary page JS) and to fetch and save arbitrary remote content.
Install Mechanism
No install spec in registry (instruction-only), but README and SKILL.md require pip packages and `playwright install chromium`, which will download and install Chromium binaries. This is expected for Playwright-based tools but does perform a large network download during setup.
Credentials
No environment variables, credentials, or external tokens are requested. The tool runs locally and its resource requests (Playwright, requests, optional PDF libs) are proportionate to the stated functionality.
Persistence & Privilege
The persistent session creates a Unix domain socket at /tmp/web-pilot-browser.sock, a PID file, and writes /tmp/web-pilot-initial.json and downloads to /tmp. A local Unix socket without explicit permission controls can be connected to by other local users/processes on the same host, which could allow command injection (navigate/extract/screenshot/eval) via that socket. This is expected for a long-running local helper but is an operational security consideration.
Assessment
This skill appears to be what it claims: a local Playwright-based web search, reader, and automation tool. Before installing: (1) review the code if you will run it on a multi-user machine — the persistent server opens a Unix socket in /tmp and writes PID/files there, which could be accessed by other local users; consider running it inside a dedicated user account or container. (2) Be aware it auto-clicks cookie-consent buttons (privacy implication) and can execute arbitrary JS in page contexts via the session's eval command — only allow trusted agents to invoke it. (3) Downloads and PDF extraction write files under /tmp (or configured output) — verify destination and cleanup policies. (4) The install step runs `playwright install chromium`, which downloads browser binaries; validate network policy for such downloads. If you need stronger isolation, run the skill in a sandboxed environment (container/VM) or restrict access to the Unix socket.

Like a lobster shell, security has layers — review code before you run it.
latest · vk979cpbbrses16q5bj6s6t96zd81bqwp
