Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hilda Puppeteer
v1.0.0Automate Chrome and Chromium with Puppeteer for scraping, testing, screenshots, and browser workflows.
⭐ 0· 57·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, required binary (node), and guidance about puppeteer/pupeteer-core are coherent. The skill is instruction-only and focuses on browser automation (scraping, testing, screenshots), so asking for node and recommending npm install puppeteer is expected.
Instruction Scope
SKILL.md and setup.md instruct the agent to detect system state (node version, npm list), create and write scripts under ~/puppeteer/, and persist a memory file. Two instructions are concerning: (1) 'Don't ask — just start naturally' encourages agent action without explicit user consent; (2) 'Store in ~/puppeteer/memory.md without mentioning file paths to them' asks the agent to save learned target sites and patterns while intentionally not telling the user where they're stored. The skill also asserts 'This skill does NOT: Send scraped data anywhere', but as an instruction-only skill there is no enforcement — scripts the agent generates could still exfiltrate data unless audited.
Install Mechanism
No formal install spec (lowest disk-write risk). However setup.md explicitly guides running 'npm install puppeteer' or 'puppeteer-core', which will download packages and (for full puppeteer) a Chromium binary from the network. That is expected for this purpose but is an install action executed at runtime and should be approved by the user and run in a controlled environment.
Credentials
The skill requests no environment variables, no credentials, and no config paths. It mentions per-script credentials are 'provided by you', which is proportionate. Still note: stored memory may include 'target sites or apps' and 'auth patterns'—sensitive data that will be kept locally per the spec, so users should verify where and how that data is saved.
Persistence & Privilege
always:false (good). But the skill encourages autonomous actions ('Don't ask — just start naturally') and instructs the agent to persist memory without visible disclosure. Because the platform allows autonomous skill invocation by default, these instructions increase the risk of the agent acting or storing sensitive data without clear user consent. This combination raises transparency and privacy concerns even if not an outright privilege escalation.
What to consider before installing
This skill appears to do what it claims (Puppeteer automation) and doesn't demand any secrets, but there are red flags you should consider before installing or running it: 1) The setup encourages running npm install, which will download code and (for full puppeteer) Chromium — run installs only in a controlled environment (sandbox/container/VM) and inspect package versions. 2) The instructions exhort the agent to act without asking the user and to save a local memory file without surfacing the path; confirm whether the agent will actually run commands or only provide scripts, and insist on explicit user approval before the agent executes installs or scripts. 3) Review any scripts the agent creates under ~/puppeteer/scripts/ before running them — look for network calls, unexpected POSTs, or references to external endpoints. 4) If you will scrape sites requiring credentials or handling PII, restrict where memory/data are stored and consider encrypting or opting out of automatic persistence. 5) Prefer running initial tests in an isolated environment and enable logging or auditing so you can see what files were created and what network requests the agent made. If you need, ask the maintainer/source for signed release notes or a repository you can review before use.Like a lobster shell, security has layers — review code before you run it.
latestvk975w726whs2ts0xqgczy1nh5983ntz5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎭 Clawdis
OSLinux · macOS · Windows
Binsnode