X Read
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: x-read
Version: 1.0.1
The skill's `index.js` uses Puppeteer to launch a Chromium instance with the `--no-sandbox` flag. This critically disables Chromium's security sandbox, creating a significant Remote Code Execution (RCE) vulnerability if a malicious URL is processed. This directly contradicts the `SKILL.md` documentation, which claims a 'sandboxed Chromium instance' is launched. While this is a severe security flaw, there is no evidence of intentional malicious behavior such as data exfiltration, persistence, or unauthorized actions beyond the stated web scraping purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A prompt or caller could cause the headless browser to visit unrelated or internal URLs from the user's environment, broadening the tool beyond a public X reader.
The documented purpose is to read public X/Twitter permalinks, but the runtime navigates to whatever URL argument it receives, with no visible allowlist for x.com/twitter.com status URLs.
const url = process.argv[2]; ... await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
Validate the input before navigation, allowing only public x.com/twitter.com status or article URLs, and require explicit user approval for any other destination.
The skill is still read-only at the X account level, but remote page content is processed with weaker browser isolation than users would expect.
The skill renders remote web pages in Chromium, and these flags explicitly disable Chromium's sandbox, reducing containment if a malicious page or browser vulnerability is encountered.
args: ['--no-sandbox', '--disable-setuid-sandbox', '--disable-dev-shm-usage']
Avoid disabling the Chromium sandbox where possible, or run the skill inside a separate locked-down container or VM with restricted network access.
Users may overestimate the isolation provided by the browser run.
This safety statement is contradicted by index.js, which launches Chromium with '--no-sandbox' and '--disable-setuid-sandbox'.
Puppeteer launches a sandboxed Chromium instance with a realistic user-agent
Update the documentation to accurately describe the sandbox status, or change the launch options so the implementation matches the safety claim.
Installation may pull or update browser automation code outside the reviewed source if dependency locking is not applied.
Puppeteer is purpose-aligned for this skill, but it is a large browser automation dependency and the caret range can allow newer dependency resolution if the lockfile is not enforced.
"dependencies": { "puppeteer": "^24.37.5" }
Install using the provided lockfile, consider pinning exact dependency versions, and verify the package source before use.
