Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Bookmark Organize
v0.1.1 · Organize Chrome bookmarks through OpenClaw with preview, explicit confirmation, apply, undo, and a local Chrome executor bridge. Use for conservative Chrome...
⭐ 0 · 36 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The files, Chrome MV3 extension, and local Node bridge align with the declared purpose (organizing Chrome bookmarks). Requiring a locally loaded unpacked extension and a local bridge is consistent with the goal of reading and mutating Chrome bookmarks.
Instruction Scope
The SKILL.md correctly restricts execution to the local bridge + Chrome executor and demands explicit confirmation before changes. However, the runtime instructions rely on an always-running local HTTP/WS bridge and an unpacked extension; the code shows no HTTP auth or origin checks and the bridge sets Access-Control-Allow-Origin: '*', meaning other local processes or webpages can call the bridge endpoints directly (POST /apply, /undo, /validate, /context). That allows bypassing the host AI's promised explicit-confirmation guard in practice.
Install Mechanism
There is no remote installer; the package is instruction-only but includes extension and bridge code which the user must run locally (npm install, run Node scripts, load unpacked extension). This avoids fetching remote binaries, which is lower risk, but it does require manual installation of an unpacked Chrome extension (which grants the bookmarks permission).
Credentials
The skill does not request environment variables or external credentials. The extension requests the 'bookmarks' permission, which is appropriate for editing bookmarks, but this permission is powerful (full bookmark read/write).
Persistence & Privilege
The skill does not set always:true and does not request cross-skill config. However, it installs a persistent local service (bridge) and an unpacked Chrome extension (service worker) that will remain active while the user keeps Chrome and the bridge running. That local service exposes privileged bookmark mutation endpoints and stores undo records in extension storage.
What to consider before installing
This skill appears to do what it says and uses a local extension + bridge to operate on Chrome bookmarks, but it introduces a potentially dangerous local API surface. The bridge listens on localhost and responds with Access-Control-Allow-Origin: '*', and endpoints accept POST /apply and /undo which are forwarded to the extension to change bookmarks. That means a webpage or local process could, while the bridge and extension are running and connected, send requests that modify your bookmarks without going through the skill's explicit-confirmation UI. Before installing or using this skill:
- Review the included code yourself (or have someone you trust review it). The vulnerable parts are the local-bridge-server (CORS '*' and unauthenticated endpoints) and the extension's use of the bookmarks permission.
- Only run the bridge server and load the unpacked extension when you need the skill, and keep them stopped/disabled otherwise.
- Consider running the bridge behind a simple local auth token or modifying the code to bind to a non-public interface or require a secret header before forwarding requests.
- Be cautious about visiting untrusted websites while the bridge+extension are live.
- If you need a safer alternative, ask the author to add authentication (e.g., a per-run secret token) or restrict CORS and/or require the bridge to only accept requests from a local CLI with the token.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
- bridges/preflight.mjs:149: Shell command execution detected (child_process).
- bridges/setup.mjs:31: Shell command execution detected (child_process).
- scripts/run-repo-script.mjs:23: Shell command execution detected (child_process).
- bridges/ensure-live.mjs:6: Environment variable access combined with network send.
- bridges/preflight.mjs:8: Environment variable access combined with network send.
- apps/chrome-executor-extension/manifest.json:12: Install source points to URL shortener or raw IP.
Version: latest (vk971jj6mxh3fnhsz72vhffg25n84qqew)
Runtime requirements
🔖 Clawdis
OS: macOS
