Back to skill

Security audit

browser-recover

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to fix broken OpenClaw browser sessions, but its recovery script can broadly close local browser processes and kill services on common ports without enforcing its own safety limits.

Install only if you are comfortable with a recovery helper that may terminate browser processes and port owners. Use it in a dedicated OpenClaw container or isolated workspace when possible; on a personal machine, run check_state.sh first, inspect the listed PIDs and command lines, avoid default full recovery, and back up or rename any browser profile before deleting it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill metadata and body promise a constrained recovery action, but the documented behavior expands into additional state inspection, cache deletion, and config-driven targeting while also claiming an automatic retry that is not actually implemented in the file. This mismatch is security-relevant because operators and orchestrators may authorize or invoke the skill under incomplete assumptions, leading to unintended destructive actions or trust in safeguards that do not exist.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The documentation normalizes cleanup of browser profile directories and lock files without clearly warning that this can delete session state, invalidate cookies, or disrupt active browser instances. In a recovery skill that automatically performs process killing and profile cleanup, the absence of explicit cautions increases the chance of accidental destructive use and unexpected loss of user data.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The troubleshooting guide explicitly recommends manual `kill -9` of zombie browser processes without an immediate warning about possible loss of unsaved work or disruption of other browser sessions. In a recovery skill that deals with shared local browser state, destructive process termination can affect unrelated instances and lead to user data loss if operators follow the guidance incautiously.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The guide advises deleting and recreating the browser profile directory as a recovery step, but does not clearly warn that profile deletion can remove cookies, session state, downloads metadata, and other user/browser data. In this skill's context, profile directories are central to browser recovery, so an operator may treat this as routine and cause avoidable data loss.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
# CORRECT: Only cleans OpenClaw-managed profiles
rm -f ~/.openclaw/browser/*/SingletonLock
rm -rf ~/.openclaw/browser/*/Cache
```

### ✅ Verify Port Ownership Before Clearing
Confidence
76% confidence
Finding
rm -rf ~/.openclaw/browser/*/

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
references/safety.md:45