browser-recover

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This skill is meant to repair browser-tool failures, but its default cleanup can close unrelated Chrome/Chromium windows or services without verifying they belong to OpenClaw.

Review or modify scripts/recover.sh before installing. It is safest in a dedicated container or environment where all Chrome/Chromium processes and ports 9222/18800 are OpenClaw-owned. If used on a personal machine, run check_state.sh first, inspect the listed PIDs manually, and avoid automatic full recovery unless you are comfortable with browser windows or local services being terminated.

Static analysis

Destructive delete command

Warn

Finding: Documentation contains a destructive delete command without an explicit confirmation gate.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#ASI02: Tool Misuse and Exploitation

High

What this means

A failed browser tool call could cause the agent to close your personal browser, interrupt other agents, or kill an unrelated service using port 9222 or 18800.

Why it was flagged

The script broadly terminates browser-name matches and any process listening on configured ports, including a force-kill fallback, without checking that the process is OpenClaw-owned or using the OpenClaw profile.

Skill content

PROCESS_NAMES=("chromium" ... "chrome" "google-chrome") ... pkill -f "$proc" ... fuser -k "${port}/tcp" ... kill -9 "$PID"

Recommendation

Narrow process matching to command lines that include the OpenClaw user-data directory and expected debug port, inspect PIDs before killing, avoid kill -9 by default, and require user approval before full recovery.

#ASI09: Human-Agent Trust Exploitation

Medium

What this means

Users may rely on the documented safety guarantees and allow automatic recovery even though the actual script can affect non-OpenClaw processes.

Why it was flagged

The safety text promises containment and verification, but the included recovery script does not enforce those protections and contains broad pkill/fuser/kill -9 behavior.

Skill content

DO: Only clean OpenClaw-managed browser instances ... Verify process ownership before killing ... DON'T: Kill user's personal browser processes ... Use `kill -9` without verification

Recommendation

Update the implementation to match the safety claims, or revise the instructions to clearly warn that recovery may kill broader browser and port processes unless manually reviewed.