browser-toggle
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward browser-toggle utility, but it persistently changes OpenClaw browser settings and may retain website login sessions.
Before installing, review the local setup script and be sure you want this skill to change OpenClaw's browser configuration. Use `--status` to verify the current mode, keep the automatic backups, and remember that any websites you log into inside the OpenClaw browser may remain accessible to later browser tasks.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running enable or disable changes OpenClaw's browser mode until it is changed back; an unintended run could disrupt local OpenClaw behavior.
The tool edits OpenClaw's main browser configuration file, backing it up before saving. This is exactly the advertised function, but it changes how the agent/browser operates.
self.config_file = Path.home() / ".openclaw" / "openclaw.json" ... self._backup_config() ... json.dump(config, f, indent=2, ensure_ascii=False)
Run these commands only when you intend to change browser mode, check `--status`, keep the generated backups, and use `--disable` or `--restore` if needed.
Future OpenClaw browser automation may be able to act within websites where you remain logged in.
The documentation discloses that the OpenClaw browser uses its own profile and can retain website login state after a user manually logs in.
数据位置: `~/.openclaw/browser/` ... 手动输入账号密码登录 ... 登录状态会保存
Only log in to accounts you want OpenClaw to use, prefer dedicated or low-privilege accounts where possible, and log out or clear the OpenClaw browser profile when finished.
Running setup changes local files and may add a command on the PATH, but it does not appear to install hidden services or run unrelated code.
The installer is a local shell script that copies files into the OpenClaw skills directory and optionally creates a global command. This is disclosed setup behavior and no remote code download is shown.
cp -r "$(dirname "$0")"/* "$INSTALL_DIR/" ... ln -sf "$INSTALL_DIR/browser_toggle.py" /usr/local/bin/openclaw-browser
Review `setup.sh` before running it, install from a trusted copy of the package, and remove the symlink during uninstall if it was created.