chrome-relay-browser

Security checks across malware telemetry and agentic risk

Overview

This skill transparently controls a user-attached Chrome tab through a local relay, but it gives the agent powerful live-browser abilities that should be used only on intended pages.

Install only if you want OpenClaw to control visible Chrome tabs you manually attach. Keep the relay token private, attach only the intended tab, and supervise actions on logged-in or sensitive websites.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
Medium
What this means

An agent using this skill can read or change the currently attached web page and may act within already logged-in browser sessions.

Why it was flagged

The tool intentionally allows arbitrary JavaScript evaluation in the attached Chrome tab, alongside navigation, screenshot, click, and fill operations.

Skill content
    case 'evaluate': {
      const js = args.join(' ');
      const result = await sendCommand(ws, 'Runtime.evaluate', { expression: js });
Recommendation

Attach only the tab you intend the agent to control, avoid sensitive accounts unless needed, and require explicit confirmation before submitting forms, purchases, account changes, or other irreversible actions.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone or any process with access to the relay token and local relay could potentially control attached Chrome tabs.

Why it was flagged

The skill uses a local relay token that grants access to the browser relay; this is disclosed and expected, but it is still a sensitive credential.

Skill content
The token and port are stored in `~/.openclaw/secrets/browser-relay.env`, and the script reads them automatically: - `RELAY_TOKEN` - Gateway token
Recommendation

Protect the secrets file, rotate the relay token if exposed, and detach tabs or disable the relay when browser automation is not needed.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

The skill may fail unless the dependency is already available, or it may rely on an ambient package outside the reviewed artifacts.

Why it was flagged

The script depends on the external 'ws' Node module, but the skill provides no install spec, so dependency provenance and setup are not fully described.

Skill content
const WebSocket = require('ws');
Recommendation

Use a pinned package/install specification or document the trusted source of the WebSocket dependency.