Skill v1.0.1

ClawScan security

browser-toggle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 2, 2026, 3:57 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are coherent with its stated purpose (toggling the OpenClaw built-in browser); it modifies the OpenClaw config and creates backups but contains no network exfiltration or unrelated credential requests.
Guidance
This skill appears to do what it says: it modifies ~/.openclaw/openclaw.json to enable/disable the built-in browser and keeps backups. Before installing: (1) verify the skill source — files reference GitHub but the registry source/homepage are 'unknown' — prefer an authoritative repository; (2) inspect browser_toggle.py (it is short and readable) and the backup directory to confirm no unexpected behavior; (3) do not allow creation of a global symlink (/usr/local/bin) unless you trust the package (the installer only attempts this if it has permission); (4) if you are unsure, run the code in an isolated environment/VM or manually copy the single script into your OpenClaw skills folder and run it without running setup.sh. The skill does modify your OpenClaw configuration and requires restarting OpenClaw to take effect — back up important data before proceeding.

Review Dimensions

Purpose & Capability
ok: Name/description match behavior: code and scripts only read/write OpenClaw config (~/.openclaw/openclaw.json), manage backups (~/.openclaw/workspace/backups), and provide enable/disable/status/headless controls. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
note: SKILL.md and install scripts instruct running setup/install which copy files into the user's OpenClaw workspace and invoke browser_toggle.py to modify openclaw.json. This is appropriate for the purpose, but note the skill writes to the user's OpenClaw config and creates backups; review those files before installing if you don't trust the source.
Install Mechanism
ok: No remote downloads or archive extraction occur in the provided install scripts; setup.sh and install.sh copy local files into the ~/.openclaw workspace and optionally create a symlink. Build script creates local tarball; README references GitHub releases but install scripts do not fetch external content.
Credentials
ok: No environment variables, credentials, or external tokens are required. The code accesses only the OpenClaw config and user home paths, which are necessary for the skill's stated function.
Persistence & Privilege
note: The skill installs into the user's OpenClaw workspace and may create a global symlink (/usr/local/bin/openclaw-browser) if permissions allow. It does not set always:true or request persistent elevated privileges, but creating a global command requires writable /usr/local/bin (sudo); avoid granting that unless you trust the package.