Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
BrowseCTL
v0.1.1
WebDriver automation CLI for AI-driven browser control. Provides session management, tab control, element interaction, screenshots, batch execution, and an i...
by @yorelog
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description align with the files and runtime behavior: this is an npm wrapper that installs and proxies to a browsectl binary and provides WebDriver-based browser automation. Requiring a browsectl binary and providing npm install instructions is coherent.
Instruction Scope
SKILL.md explicitly instructs running `browsectl setup` which will detect installed browsers and auto-download matching WebDriver binaries. The session-create docs describe copying user browser data (cookies and extensions) into the automation profile — and note that in non-interactive/background mode this copy defaults to enabled. That means the tool will access sensitive local browser profile files (Cookies SQLite DB, extensions) without additional environment variables or credentials. The instructions also persist sessions and driver info to ~/.browsectl, and start detached driver processes.
Install Mechanism
The npm package's postinstall (scripts/install.js) downloads a platform-specific prebuilt binary from GitHub Releases (https://github.com/yorelog/browsectl/releases) and extracts it into the package bin directory. Downloading releases from GitHub is common and reasonable, but it does write and chmod an executable on disk and relies on a network fetch at install time — this is moderate-risk behavior (trusted host but arbitrary binary execution).
Credentials
The skill declares no required environment variables, which is fine, but the documented runtime behavior involves reading local browser installations and profiles and (by default in non-interactive/background worker mode) copying cookies and extensions from the user's real browser profile. Access to these local files is not represented in the package metadata and is sensitive. No external API keys are requested, but local data access can still expose secrets (login cookies, extension state).
Persistence & Privilege
The skill is not marked always:true. It persists runtime state and sessions to ~/.browsectl and can spawn detached WebDriver server processes that remain running after CLI exit. Persisting sessions and storing binaries under the package are expected for a CLI tool, but you should be aware it creates files and running processes on install/use.
Scan Findings in Context
[postinstall_network_download_from_github_releases] expected: scripts/install.js downloads a platform-specific archive from GitHub Releases and extracts it to create the `browsectl` binary. This is expected for packaging a prebuilt CLI binary but means code is fetched and executed at install time.
[exec_child_process_to_proxy_binary] expected: scripts/run.js uses child_process.execFileSync to invoke the installed binary. This is the expected behavior for an npm wrapper that proxies to a native executable.
[local_browser_profile_access_and_copy] expected: SKILL.md and session docs describe detecting installed browsers, reading profile paths, and copying cookies/extensions into an automation profile (and defaulting to copy in non-interactive mode). This is consistent with a browser automation tool but represents sensitive local file access.
What to consider before installing
This package is coherent with its stated purpose (a WebDriver CLI wrapper) but has two important security considerations:
1) Install behavior: the npm postinstall will download a prebuilt binary from GitHub Releases and place an executable on disk. That binary will be executed via the wrapper. Treat that as running third-party native code — verify the publisher/repo and trustworthiness before installing.
2) Sensitive local data access: the tool is designed to detect your installed browsers and (unless you opt out) can copy cookies and extensions from your real browser profile into the automation profile. If you run it non-interactively (background worker or invoked by an agent), the docs say it defaults to copying cookies and extensions. That can expose authentication cookies and extension data. If you need this skill, either run it in interactive mode and decline copying, use the explicit --no-copy-data flag, or run it in an isolated environment (clean browser profile or VM) to avoid leaking sensitive profile data.
Additional recommendations: inspect the GitHub repository/release assets referenced in the SKILL.md, verify the binary checksum if available, and prefer installing only after confirming the upstream source. If you plan to let an AI agent invoke this autonomously, consider restricting that agent's ability to request operations that would trigger profile copying or downloads.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/install.js:71
Shell command execution detected (child_process).
scripts/run.js:9
Shell command execution detected (child_process).
Runtime requirements
Bins: browsectl
