OpenClaw Native Browser

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing it could run or load code that was not reviewed in this artifact set, even though the skill is intended to handle browser sessions and account logins.

Why it was flagged

The reviewed package is instruction-only, but it asks users to install runnable Python code from an unpinned external repository. That code was not present for static review.

Skill content

git clone https://github.com/yungookim/openclaw-browser.git ~/clawd/openclaw-browser ... pip install -e .

Recommendation

Review the external repository before installing, pin to a trusted commit, and prefer a packaged install spec or lockfile before using it with real accounts.

What this means

An agent using this browser could act as you on signed-in websites or access session cookies for accounts used in the browser.

Why it was flagged

The skill accepts account passwords for third-party services and exposes browser cookies, which are high-impact identity and session authorities.

Skill content

`skill.login_perplexity(email, pw)` ... `skill.login_chatgpt(email, pw)`; `skill.get_cookies()` | Get all cookies

Recommendation

Use only accounts you are comfortable delegating, prefer manual login where possible, avoid sharing passwords with the agent, and clear cookies/sessions after use.

What this means

If used on an authenticated site, the agent could submit forms, change settings, post content, or trigger account actions unless the user supervises it.

Why it was flagged

The browser interface allows arbitrary navigation, JavaScript execution, clicking, and typing on pages, but the artifact does not define approval or domain/action limits.

Skill content

`skill.load(url, wait=2.0)` ... `skill.execute_js(code)` ... `skill.click(selector, wait=1.0)` ... `skill.type_text(selector, text)`

Recommendation

Require explicit confirmation before actions that submit, purchase, post, delete, or change account data, and restrict use to intended domains.

What this means

A later browsing task could inherit earlier logged-in sessions or site state, which may expose private data or cause actions under the wrong account context.

Why it was flagged

The browser keeps session state across calls and across sites, but the artifact does not describe isolation, retention, clearing, or task boundaries.

Skill content

Persistent cookies & multi-site sessions ... Singleton browser — one instance, reused across calls

Recommendation

Use separate profiles for sensitive sites, clear cookies after tasks, and add explicit controls for session lifetime and per-task isolation.

What this means

This can make the agent use the persistent browser for more web tasks than the user may expect.

Why it was flagged

The skill recommends changing OpenClaw configuration so web tasks route through this browser instead of the built-in web tools.

Skill content

Disable Built-in Web Tools (Recommended) ... ensure OpenClaw routes web tasks through openclaw-browser

Recommendation

Only disable built-in web tools if you intentionally want this browser to handle web tasks, and revisit the setting if behavior changes unexpectedly.