Browser History
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is clearly about Chrome history, but it gives an agent broad access to private browsing data, can copy the full history database to /tmp, and includes an unrelated command to hide Chrome.
Install or invoke this only if you are comfortable letting the agent read your local Chrome history. Ask for narrow, specific searches, avoid broad recent/all-time history dumps unless needed, do not let it open or hide Chrome without confirmation, and delete any /tmp/chrome_history copy after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could reveal recent or frequent browsing activity beyond what the user specifically intended to search for.
The skill intentionally grants access to a local browser profile history, which can reveal sensitive habits, accounts, and private activity; the provided instructions do not bound this access to explicit, narrow user-approved queries.
Search Das's Chrome browsing history to find URLs, videos, sites he's visited before.
Only use this skill with explicit user direction, limit queries to specific terms, and avoid broad recent-history or all-time most-visited queries unless the user asks for them.
A complete copy of browsing history may remain on disk and be accessible or reused later outside the original search task.
The locked-database workaround copies the full Chrome History database to /tmp without cleanup or retention guidance, leaving a sensitive local artifact after the task.
cp ~/Library/Application\ Support/Google/Chrome/Default/History /tmp/chrome_history
Use a tightly scoped temporary copy only when necessary, restrict file permissions, and delete /tmp/chrome_history immediately after use.
The agent could open sites in the user's logged-in browser context and hide the browser window, making actions less visible to the user.
The skill extends beyond read-only history lookup into controlling Chrome and hiding its window, without stating when user approval is required.
open -a "Google Chrome" "URL_HERE" ... osascript -e 'tell application "System Events" to set visible of process "Google Chrome" to false'
Remove the hide/minimize command or require explicit user confirmation before opening URLs or changing Chrome window visibility.