OpenCLI Universal CLI Hub
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is a broad CLI/browser bridge that can reuse Chrome logins and local tools, but its install sources, credential scope, and safety boundaries are not clearly constrained.
Review carefully before installing. Use only if you trust the npm package and Chrome extension, prefer a separate browser profile with limited accounts, avoid registering sensitive local tools, and disable or remove the bridge when not needed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could operate using your already-logged-in browser sessions and access private account data on supported or newly adapted websites.
The skill explicitly relies on existing browser sessions, cookies, and authentication headers for target sites, but the artifacts do not bound which accounts/sites may be used or what authenticated data may be accessed.
Reuse Chrome login state ... Chrome browser (must be logged in to the target site) ... Tier 2 | add `credentials:'include'` ... Tier 3 | requires Bearer/CSRF header
Use a separate Chrome profile with only the accounts you intend to expose, review the package and extension before use, and avoid using this with sensitive sessions unless the scope is clearly controlled.
A configured agent may gain access to local tools or mutate the local environment in ways broader than a single website lookup.
The skill can expose arbitrary local CLI tools to the agent and install missing tools as a side effect, without documented approval prompts, allowlists, or rollback boundaries.
opencli register mycli # register a local CLI; the AI agent can discover it via opencli list
opencli gh pr list # automatically detects and installs missing tools
Do not register sensitive local CLIs, require explicit user confirmation before installs or mutations, and run the tool in a constrained environment where possible.
You would be trusting external code that was not included in the submitted skill artifacts and may update independently via the `latest` tag.
The setup pulls an unpinned global npm package and a side-loaded browser extension from outside the reviewed artifact set; this is especially important because the extension/CLI can interact with logged-in browser sessions.
npm install -g @jackwener/opencli@latest ... Browser Bridge extension (download opencli-extension.zip from GitHub Releases → chrome://extensions → Developer mode → Load unpacked)
Prefer pinned versions, verify package and extension provenance, inspect source code, and avoid installing from unverified release assets.
Authenticated browser context may pass through a local bridge whose access controls are not documented in the skill artifact.
The skill depends on a browser extension and local daemon bridge, but the artifacts do not describe the bridge's authentication, origin restrictions, data boundaries, or how authenticated browser data is protected.
opencli doctor # check extension + daemon connectivity ... Daemon problems → check with `curl localhost:19825/status`
Confirm the daemon only listens locally, verify any authentication/origin checks, disable the extension when not in use, and avoid exposing the local port.
Users may underestimate the privacy and account-access risks of installing and using the bridge.
The 'Zero risk' claim is misleading in context because the same artifact asks users to reuse browser login state, install external code, and expose local/browser tools.
> Zero risk, Reuse Chrome login, AI-powered discovery, Universal CLI Hub.
Treat the skill as high-privilege despite the wording; the publisher should replace 'Zero risk' with concrete security boundaries and limitations.
