v1.0.0

Oc Browser Automation 1.0.0

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

This is a coherent browser-automation wrapper with no code, but it can give the agent broad control over web pages and even logged-in Chrome sessions, so it deserves careful review before installation.

GuidanceInstall only if you intentionally want an agent to automate browser activity. Use a sandbox or fresh browser profile where possible, avoid personal Chrome sessions, and require explicit confirmation before logins, submissions, uploads, downloads, purchases, or other account-changing actions.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

| **点击** | 点击页面元素 | ... | **输入** | 在输入框中输入文本 | ... | **文件上传** | 上传文件到网页 | ... | **下载** | 从网页下载文件 |

The documented browser tool surface includes clicking, typing, form filling, file upload, and download across arbitrary pages, but the artifact does not define confirmation or containment rules for high-impact actions.

User impactA mistaken or over-broad browser action could submit forms, upload local files, download untrusted files, or change data in a web account.

RecommendationUse this skill only for user-directed browsing tasks and require confirmation before submissions, purchases, account changes, uploads, downloads, or other irreversible actions.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

SKILL.md

browser action=act kind=evaluate fn="window.scrollTo(0, document.body.scrollHeight)" ... kind | string | 操作类型：click, type, press, hover, scroll, select, drag, fill, evaluate

The skill documents a raw page-evaluation capability. This is consistent with browser automation, but it is an escape hatch that can execute JavaScript in page context.

User impactPage-evaluation commands could interact with or extract data from the currently loaded page if used carelessly.

RecommendationKeep evaluate-style actions user-directed, avoid running arbitrary snippets on sensitive pages, and prefer higher-level click/type/snapshot actions when possible.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

_meta.json

"ownerId": "kn79r8786yeqppanzfekfv7kqx82kcga", "slug": "oc-browser-automation"

The embedded metadata owner/slug differ from the registry metadata shown for the submitted skill, and the listing also has unknown source/homepage. Because there is no runnable code, this is a provenance note rather than a direct malicious behavior finding.

User impactIt may be harder to confirm that the package identity and publisher metadata are consistent.

RecommendationVerify the publisher and registry listing before installing, especially because the skill grants broad browser-control authority.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

profile | string | 浏览器配置：openclaw (默认) / chrome (使用你的 Chrome) ... 浏览器可能包含登录会话

The skill explicitly supports using the user's Chrome profile and acknowledges that the browser may contain logged-in sessions, granting the agent delegated access to web accounts without a clearly bounded credential scope.

User impactIf used with a logged-in browser, the agent could act as the user on websites, including reading private pages or making account changes.

RecommendationPrefer a sandbox or fresh browser profile, avoid connecting it to personal Chrome sessions, and require explicit user confirmation before any account-affecting action.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityMediumConfidenceHighStatusNote

SKILL.md

| **截图** | 页面截图或全页截图 | ... | **快照** | 获取页面 DOM 快照（AI 快照或 ARIA 快照） | ... browser action=requests filter="api"

Screenshots, DOM snapshots, console output, and request logs can bring sensitive page content or untrusted web content into the agent's context.

User impactPrivate information visible in the browser could be exposed to the agent context, and web page text should not automatically be treated as trusted instructions.

RecommendationAvoid using snapshots or screenshots on sensitive pages unless necessary, and treat webpage content as untrusted data.