Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
browser-recover
v1.0.0
Recover the local Chromium/Chrome environment when browser tool calls fail. Use when encountering (1) Browser startup failures, (2) CDP connection errors (Ta...
by Threshold @wind0ws
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's purpose (recover local Chromium/Chrome instances) aligns with what the scripts do (kill processes, clear ports, remove lock files). However the metadata declares no required binaries or environment variables while the scripts rely on tools (jq, lsof, fuser, pkill, kill) that may not be present. Also SKILL.md and references promise conservative targeting (verify ownership, only clean OpenClaw-managed instances), but the recovery script uses very broad process matching (pkill -f 'chromium' / 'chrome') without verifying ownership or command-line flags. This is disproportionate to the 'only clean OpenClaw-managed instances' safety promise.
Instruction Scope
SKILL.md instructs the agent to read OpenClaw config, verify process ownership, and only touch OpenClaw profiles. The actual scripts: read openclaw.json only for debugPort (they do not read userDataDir), do not verify process ownership or inspect command-line flags before pkill, and may use fuser or kill -9 to clear ports. That contradicts the documented safety constraints and gives the agent authority to terminate non-OpenClaw browser processes and forcibly kill processes by PID.
Install Mechanism
No install spec (instruction-only with bundled scripts). Nothing is downloaded or executed from external URLs during install. Scripts are included in the bundle and will run when invoked; there is no additional installer behavior to review.
Credentials
No credentials or secret environment variables are requested. The scripts read a local config path (~/.openclaw/config/openclaw.json) and use defaults under $HOME. The documentation and references claim additional env var support (OPENCLAW_BROWSER_PORT, OPENCLAW_BROWSER_PROFILE) but the scripts do not actually honor these, producing a capability/expectation mismatch. Dependence on system tools (jq, lsof, fuser) is not declared in metadata.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. The scripts operate on local files under ~/.openclaw and do not modify other skills or global agent configuration. Autonomous invocation is allowed by default (not flagged alone), which combined with the unsafe kill behavior increases blast radius but is not itself a configuration error.
What to consider before installing
This skill is plausible for recovering OpenClaw browser instances, but the implementation has dangerous and inconsistent behaviors. Before installing or enabling it, consider:
- Risk: recover.sh uses broad pkill patterns and may terminate non-OpenClaw browser processes (user's personal Chrome/Chromium). Port-clearing may kill processes by PID or use kill -9. This can cause user-visible disruption and data loss.
- Mismatches: SKILL.md promises ownership checks and reading userDataDir / environment variables, but the scripts do not implement these checks or env var support and only read debugPort from config. The bundle also assumes commands (jq, lsof, fuser, pkill) exist but doesn't declare them.
- Mitigations: review and modify the scripts before use — require exact command-line matching (e.g., match '--remote-debugging-port' or '--user-data-dir'), verify process owner (uid) and command-line before killing, avoid unconditional kill -9, and honor configured userDataDir / env vars. Add explicit dependency documentation (jq, lsof, fuser). Test in a VM/container with real user browser instances to confirm no unintended kills.
If you cannot safely audit or modify the scripts, prefer manual recovery or request a corrected version that implements the documented safety checks.
Like a lobster shell, security has layers — review code before you run it.
