ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chrome Extension Generator

v1.0.0

一键生成 Chrome 扩展程序模板,支持 Popup、Background Script、Content Script、Options 页面等多种类型。

0· 395·2 current·2 all-time
by@sunshine-del-ux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, SKILL.md, and the included shell script are coherent: all describe and implement a local generator for Chrome extension templates. There are no unrelated required binaries, env vars, or network endpoints.
Instruction Scope
SKILL.md tells the agent/user to run a local CLI to generate files. The included script only creates files (manifest, HTML/JS, README) in the chosen output directory and does not access network, secrets, or unrelated system files. Minor note: the script's CLI option parsing appears buggy (it references $6/$7 and a loop condition on $# which may cause some flags to be ignored) — this is a functional issue, not a security one.
Install Mechanism
No install spec; this is instruction-only plus a bundled shell script. Nothing is downloaded or executed from remote URLs and no archives are extracted, so install risk is low.
Credentials
The skill requests no environment variables, credentials, or config paths. The generated manifest defaults to minimal 'storage' permission only; no unexpected credentials are accessed or required.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modify other skills or system-wide agent settings. It only writes files to the specified output directory.
Assessment
This skill appears to do exactly what it claims: generate a Chrome extension scaffold locally. Before running: (1) choose or inspect the output directory because the script will create files there; (2) review the generated manifest.json and other files before loading/publishing the extension (change permissions like tabs, cookies, webRequest only if needed); (3) be aware the script uses a placeholder icon and minimal permissions by default; (4) the CLI option parsing in the script may not behave as documented — test flags on a sample run. No network calls or secret access were found, so the primary risk is accidental overwriting of files in the output path or uploading unreviewed code to the Chrome Web Store.

Like a lobster shell, security has layers — review code before you run it.

browservk976kj1cjdtaqk1wwf5padp8ax825pfychrome-extensionvk976kj1cjdtaqk1wwf5padp8ax825pfygeneratorvk976kj1cjdtaqk1wwf5padp8ax825pfylatestvk976kj1cjdtaqk1wwf5padp8ax825pfy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📦 Clawdis

Comments