browser-toggle

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed utility for switching OpenClaw browser modes, with expected local config changes and some privacy/hardening caveats.

Install this only if you want a tool that changes OpenClaw's browser configuration. Use --restore only with known backup files, keep backups if you may need to revert, and avoid logging sensitive accounts into the OpenClaw browser profile on shared or untrusted machines because saved sessions may remain available to later browser automation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The README explicitly instructs users to log into websites and states that the login state will be saved, but it does not clearly warn that credentials, cookies, session tokens, and other sensitive browser artifacts may persist in the OpenClaw browser profile directory. In this skill context, that omission is security-relevant because the tool is specifically designed to switch browser modes and manage a persistent profile, increasing the chance that users will store sensitive sessions without understanding the privacy and access implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal