Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser History
v1.0.0
Search and retrieve URLs, titles, and visit counts from Das's Chrome browsing history, including recent visits and YouTube video searches.
⭐ 0 · 915 · 4 current · 4 all-time
by Rohit Das (@therohitdas)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md clearly implements a 'search Chrome history' feature and the provided sqlite3 queries match that purpose. However the skill has no description, no declared OS restriction, and no declared required config path while the instructions target a macOS-specific Chrome history file (~/Library/Application Support/Google/Chrome/Default/History). The lack of metadata about needing access to that path and the OS-specific nature are inconsistencies.
Instruction Scope
The runtime instructions explicitly tell the agent to read the user's Chrome History SQLite file, copy it to /tmp if locked, run sqlite3 queries, open URLs in Chrome, and hide Chrome via AppleScript. Those actions access highly sensitive local data (complete browsing history) and manipulate a local application UI. The SKILL.md does not constrain how results are used or transmitted and does not require explicit user consent before reading local files.
Install Mechanism
There is no install spec and no code files — this is instruction-only. That limits disk writes and arbitrary code installation and is the lowest-risk install mechanism.
Credentials
No environment variables or credentials are requested, which is appropriate. However the skill's metadata does not declare that it requires access to a specific local config path (Chrome History in the user's home). The instructions therefore depend on local file access that wasn't reflected in the declared requirements.
Persistence & Privilege
The skill did not set disable-model-invocation:true (default allows the model to call it autonomously). Because the skill reads sensitive browsing history and can open/hide Chrome, allowing autonomous model invocation increases privacy risk. always is not set, which is good, but lack of restriction on invocation is concerning for this kind of sensitive access.
What to consider before installing
This skill will read your Chrome browsing history (a sensitive local SQLite file) and can open or hide Chrome windows. Before installing or enabling it, consider:
(1) Only install if you fully trust the author and understand the privacy implications;
(2) Ask the publisher to add explicit metadata: an OS restriction (macOS), a required config path declaration, and a clear explanation of when/why history will be read;
(3) Prefer making the skill user-invocable or setting disable-model-invocation:true so the model cannot read history autonomously;
(4) If you want the functionality but want to limit exposure, run the provided sqlite3 commands yourself locally and paste results to the agent instead of giving it direct file access;
(5) Verify that copying the History file to /tmp (suggested in the doc) is acceptable in your environment since that creates a temporary unencrypted copy of your history.
If any of the above are unacceptable, do not install or enable the skill.
Like a lobster shell, security has layers — review code before you run it.
