Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser Steel
v1.0.0 · Browser automation with Steel CLI as the default runtime, plus a Python Playwright fallback for custom flows. Use when the user asks to open a JS-heavy site,...
⭐ 0 · 51 · 0 current · 0 all-time
by @xyanmi
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description (browser automation with Steel CLI + Python Playwright fallback) align with required binaries (steel, python3), the presence of a wrapper script, and the single required env var STEEL_API_KEY. The included CLI commands, session workflows, and Python plan runner are coherent with the stated purpose.
Instruction Scope
SKILL.md and scripts/main.py load environment variables and .env files (cwd and skill dir) and reference additional environment variables (e.g., STEEL_BROWSER_ENV_FILE, STEEL_BROWSER_COOKIES_FILE, STEEL_BROWSER_PYTHON_BIN, STEEL_BROWSER_CLI_BIN, STEEL_BROWSER_API_URL / STEEL_LOCAL_API_URL) that are not listed as required in the registry metadata. While these are plausible runtime options for configuring the wrapper, loading .env from the current working directory or skill directory can cause the skill to read local secrets unexpectedly. The instructions do warn against baking secrets into the skill, but the automatic .env loading behavior is a privacy-sensitive action worth noting.
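To make the .env concern concrete, here is an added example (not the skill's own code; the real loader in scripts/main.py is not reproduced on this page) that shows what a dotenv-style loader reading <skill dir>/.env and then <cwd>/.env merges into the environment, which unrelated keys that drags in, and a hardened alternative that reads only an explicitly named file, accepts only STEEL_-prefixed keys, and never overrides a variable already set in the process. The .env contents and the STEEL_ prefix allowlist are constructed assumptions for the example.

```python
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# Minimal dotenv-style parser: KEY=VALUE per line, '#' comments, an optional
# 'export ' prefix, matching single or double quotes stripped. Inline comments
# after a value are not handled. Illustrative only; the skill's real loader is
# not shown on the listing page.
_LINE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")


def parse_dotenv(text: str) -> dict[str, str]:
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key] = value
    return env


def read_dotenv_if_present(directory: Path) -> str | None:
    """Return the text of <directory>/.env if it exists, else None."""
    candidate = Path(directory) / ".env"
    return candidate.read_text() if candidate.is_file() else None


def autodiscover_merge(skill_env_text: str | None, cwd_env_text: str | None,
                       process_env: dict[str, str]) -> dict[str, str]:
    """What an auto-discovering loader does: read <skill dir>/.env, then
    <cwd>/.env, and merge every key found into the environment. Anything in
    those files, a cloud credential or a database password, comes along."""
    merged = dict(process_env)
    for text in (skill_env_text, cwd_env_text):
        if text is not None:
            merged.update(parse_dotenv(text))  # the file read later wins
    return merged


def leaked_keys(process_env: dict[str, str], merged: dict[str, str],
                allowed_prefix: str = "STEEL_") -> list[str]:
    """Keys the merge introduced that the skill has no stated use for."""
    return sorted(k for k in merged
                  if k not in process_env and not k.startswith(allowed_prefix))


def load_explicit(env_file_text: str, process_env: dict[str, str],
                  allowed_prefix: str = "STEEL_") -> dict[str, str]:
    """Hardened alternative: read only the file the operator named (for
    example via STEEL_BROWSER_ENV_FILE), accept only keys with the expected
    prefix, and never override a variable already set in the process."""
    merged = dict(process_env)
    for key, value in parse_dotenv(env_file_text).items():
        if key.startswith(allowed_prefix):
            merged.setdefault(key, value)
    return merged


if __name__ == "__main__":
    # Constructed sample .env contents; every value is a placeholder.
    SKILL_ENV = ("STEEL_API_KEY=key-from-skill-dir\n"
                 "STEEL_BROWSER_API_URL=http://127.0.0.1:3000\n")
    CWD_ENV = ('export STEEL_API_KEY="key-from-cwd"\n'
               "# unrelated project secrets that happen to live in the cwd\n"
               "AWS_SECRET_ACCESS_KEY=placeholder-aws-secret\n"
               "DATABASE_URL=postgres://app:placeholder@db/app\n")
    base = {"HOME": "/home/user"}
    with tempfile.TemporaryDirectory() as tmp:
        skill_dir, cwd = Path(tmp, "skill"), Path(tmp, "project")
        skill_dir.mkdir()
        cwd.mkdir()
        (skill_dir / ".env").write_text(SKILL_ENV)
        (cwd / ".env").write_text(CWD_ENV)
        merged = autodiscover_merge(read_dotenv_if_present(skill_dir),
                                    read_dotenv_if_present(cwd), base)
        print("auto-discovery leaks:", leaked_keys(base, merged))
        print("STEEL_API_KEY resolved to:", merged["STEEL_API_KEY"])
        hardened = load_explicit(CWD_ENV, base)
        print("explicit allowlisted load adds:", sorted(k for k in hardened if k not in base))
```

Run stand-alone, the demo shows the cwd .env overriding the skill-dir key and the AWS and database secrets entering the skill's environment, while the explicit loader picks up only STEEL_API_KEY. The same functions can be pointed at your real working directory to see what the wrapper would read before you let it run.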
Install Mechanism
No install spec (instruction-only plus an included wrapper script). The wrapper may invoke the CLI via an installed `steel` binary or fall back to `npx --yes @steel-dev/cli`, which will fetch code from the npm registry at runtime. Using npx implies runtime network retrieval/execution of package code (moderate risk compared to a declared, reviewed package install). This is expected for a CLI-first skill but worth awareness.
Credentials
The declared primary credential is a single STEEL_API_KEY, which is appropriate. However, the code and docs use several optional env vars and files (cookies file paths, alternate python binary, forced CLI bin, env-file variables, and API URL overrides). These extras are relevant to advanced runtime scenarios but increase the number of sensitive inputs the skill can read. None of them appears unrelated to the stated functionality, but they should be considered when setting environment context.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence. It does read .env files and may create named sessions via the Steel CLI (normal for browser automation), but it does not modify other skills or global agent settings. Autonomous invocation is allowed by default (normal for skills) and is not by itself a reason to downgrade the verdict.
Assessment
This skill appears to be what it claims: a CLI-first browser automation wrapper that uses a STEEL_API_KEY to talk to the Steel runtime and can fall back to Python/Playwright. Before installing or using it:
(1) Treat your STEEL_API_KEY like any API secret: confirm the key's scope and permissions are appropriate, and rotate it if unsure.
(2) The wrapper automatically looks for .env files in your working directory and in the skill directory and merges their values into its environment. Do not keep unrelated secrets in those locations if you don't want the skill to read them.
(3) When no local `steel` binary is found, the wrapper may run `npx @steel-dev/cli`; npx downloads and executes code from npm at runtime, so use that fallback only in environments where you trust the upstream package.
(4) Optional env vars (STEEL_BROWSER_COOKIES_FILE, STEEL_BROWSER_ENV_FILE, STEEL_BROWSER_PYTHON_BIN, STEEL_BROWSER_CLI_BIN, STEEL_BROWSER_API_URL, etc.) are supported; review and set them explicitly rather than relying on auto-discovery.
(5) If you need higher assurance, inspect or run the included scripts/main.py in a sandboxed environment to confirm its behavior, or require a local installation of the trusted `steel` CLI so the npx fallback is never reached.
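The Install Mechanism and Credentials findings above, together with the assessment steps, amount to a preflight a practitioner can run before enabling the skill. The following is an added example, not part of the skill or of ClawHub's scanner: it checks that STEEL_API_KEY is set in the process environment rather than left to a discovered .env, reports which optional overrides from the scan report are set, flags .env files that would be auto-loaded, and determines whether the wrapper would reach the npx fallback. The variable names are those listed on this page; the resolution order (STEEL_BROWSER_CLI_BIN first, then `steel` on PATH, then `npx --yes @steel-dev/cli`) and the `allow_npx` switch are assumptions of the example, since the wrapper's exact logic is not shown here.

```python
from __future__ import annotations

import os
import shutil
from pathlib import Path
from typing import Callable, Optional

# Names taken from the skill's registry metadata and the scan report above.
REQUIRED_ENV = ("STEEL_API_KEY",)
OPTIONAL_ENV = ("STEEL_BROWSER_ENV_FILE", "STEEL_BROWSER_COOKIES_FILE",
                "STEEL_BROWSER_PYTHON_BIN", "STEEL_BROWSER_CLI_BIN",
                "STEEL_BROWSER_API_URL", "STEEL_LOCAL_API_URL")
NPX_FALLBACK = "npx --yes @steel-dev/cli"


def resolve_cli(env: dict[str, str],
                which: Callable[[str], Optional[str]] = shutil.which) -> tuple[str, str]:
    """Resolution order assumed for this example (the wrapper's exact order is
    not shown on the page): a forced binary, then `steel` on PATH, else npx."""
    forced = env.get("STEEL_BROWSER_CLI_BIN")
    if forced:
        return ("forced", forced)
    found = which("steel")
    if found:
        return ("path", found)
    return ("npx", NPX_FALLBACK)


def preflight(env: dict[str, str], skill_dir, cwd,
              which: Callable[[str], Optional[str]] = shutil.which,
              allow_npx: bool = False) -> dict:
    """Return a report dict; report['ok'] is False when a required variable is
    missing or the run would fall through to fetching code from npm."""
    report = {"ok": True, "cli": None, "optional_set": [],
              "dotenv_files": [], "warnings": []}
    for name in REQUIRED_ENV:
        if not env.get(name):
            report["ok"] = False
            report["warnings"].append(f"{name} is not set in the process environment; "
                                      "set it explicitly rather than via a discovered .env")
    kind, target = resolve_cli(env, which)
    report["cli"] = (kind, target)
    if kind == "npx":
        report["warnings"].append("no local `steel` binary: the wrapper would run "
                                  f"`{NPX_FALLBACK}` and execute code fetched from npm")
        if not allow_npx:
            report["ok"] = False
    report["optional_set"] = [n for n in OPTIONAL_ENV if env.get(n)]
    # Only existence is checked here; the report tells you where to look.
    for directory in (Path(skill_dir), Path(cwd)):
        candidate = directory / ".env"
        if candidate.is_file():
            report["dotenv_files"].append(str(candidate))
            report["warnings"].append(f"{candidate} exists and would be auto-loaded; "
                                      "confirm it holds only STEEL_* values")
    return report


if __name__ == "__main__":
    # Assumes this script sits in the skill directory and is run from the
    # project directory the agent would use as its cwd.
    result = preflight(dict(os.environ), Path(__file__).resolve().parent, Path.cwd())
    print("CLI:", result["cli"])
    print("optional overrides set:", result["optional_set"] or "none")
    print(".env files that would be read:", result["dotenv_files"] or "none")
    for warning in result["warnings"]:
        print("WARNING:", warning)
    raise SystemExit(0 if result["ok"] else 1)
```

A non-zero exit means either the key is absent from the real environment or the run would depend on npx pulling @steel-dev/cli at runtime; install the `steel` binary (or point STEEL_BROWSER_CLI_BIN at a vetted copy) and rerun until the report is clean.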
latest · vk9784m4antkys7f5rcf8c03k2183mysz
Runtime requirements
🌐 Clawdis
Bins: steel, python3
Env: STEEL_API_KEY
Primary env: STEEL_API_KEY
