Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

browser-use-init

v1.0.0

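Initializes and starts Chrome DevTools Protocol (CDP) mode, supporting remote control of a real Chrome browser with Playwright and the browser-use Agent. Works around the Chrome 145+ App-Bound Encryption restriction by automatically copying the Profile to a non-default path to enable CDP...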

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's code and SKILL.md align: it copies a Chrome profile, starts Chrome with a non-default user-data-dir, and exposes CDP for Playwright/browser-use. These operations are consistent with the stated purpose (enable CDP for Chrome 130+). However, the registry metadata declares no required config paths or sensitive access, while the implementation explicitly reads %LOCALAPPDATA%\Google\Chrome\User Data and writes a profile copy to a temp path — a mismatch worth noting.
! Instruction Scope
Runtime instructions and scripts perform intrusive local operations: force-killing all chrome.exe processes (taskkill), copying 'Local State' and the Default profile (including cookies and other browser state), writing the copy to a target directory, launching Chrome via a constructed shell command, and polling the local CDP HTTP endpoints. These are within the claimed scope but involve sensitive local data and process control; the SKILL.md does not sufficiently emphasize the privacy/security consequences of copying Local State and cookies.
Install Mechanism
This is instruction-only with bundled Python scripts; there is no network download/install step in the skill itself. Dependencies (playwright, browser-use, langchain-ollama) are installed via pip according to the README, which is expected and proportionate. No external archives or unknown URLs are fetched by the skill.
! Credentials
The skill does not require external credentials but does read and write local Chrome profile data (SRC_DIR defaults to %LOCALAPPDATA%\Google\Chrome\User Data) and writes to DST_DIR (default in %TEMP%). Those sensitive local paths are not declared in the registry metadata's required config paths. The CHROME_EXE, CHROME_SRC_DIR, CHROME_PROFILE_DIR and CDP_PORT environment variables can alter behavior; CHROME_EXE being user-controllable means a maliciously set env var could point to an arbitrary executable, which is a potential risk if untrusted inputs are used.
Persistence & Privilege
The skill does not set always:true and does not modify other skills' configurations. It writes a profile copy to disk and will keep a persistent profile directory, which is normal for its functionality. It does, however, forcibly terminate local Chrome processes during startup, which is a disruptive privileged action and should be expected by the user.
What to consider before installing
This skill will: (1) forcibly stop all running Chrome processes on the machine, (2) copy your Chrome 'Local State' and 'Default' profile (including cookies and other browser state) from your user profile into a custom directory, and (3) launch Chrome with that copied profile so CDP is enabled. These are necessary for the stated workaround but carry privacy and disruption risks. Before installing/running: back up your Chrome profile, review the start_chrome.py script, and be prepared for Chrome to be terminated when the script runs. If you are concerned about sensitive cookies or wish to minimize risk, run the skill in an isolated VM or throwaway account. Also validate your CHROME_EXE and CHROME_PROFILE_DIR environment variables (don't point them to untrusted binaries/locations), and ensure your local Ollama service (if used) is trusted. The registry metadata does not declare the profile access — treat that as a sign to inspect the code and test in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latest: vk976nr7xhzenpw5y5earhc9tc9832egx
