ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ziniao-webdriver-doc

v1.0.0

Use when 需要理解紫鸟浏览器 WebDriver 自动化接口的定位、能力、架构或对接流程, 用于设计讨论、集成规划或工具评估。 不要用于执行具体自动化脚本编写——执行时直接参考 reference/ 中的接口与示例。

0· 104·0 current·0 all-time
by@ziniao-open
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: this is reference documentation for a local WebDriver API. The files only document HTTP API calls, startup flags, example code, and troubleshooting; they do not attempt to perform unrelated cloud or system-wide actions.
Instruction Scope
The SKILL.md and reference files include actionable shell snippets (pkill, PowerShell Stop-Process), subprocess examples to start the browser, and example code that downloads ChromeDriver from googlechromelabs or accesses CDN/demo repos. These are expected for integration docs, but they are operational commands that — if executed — will kill processes, launch binaries, and download artifacts. The skill itself is instruction-only (no install), so these are examples rather than enforced actions.
Install Mechanism
No install spec or packaged code is provided. All content is documentation and example code; nothing is downloaded or extracted by the skill at install time.
Credentials
The documented APIs require company/username/password for many operations; the skill does not declare or request any environment variables or primary credential. This is coherent for a docs skill, but it means any real integration will need credentials — use dedicated automation accounts and avoid supplying high-privilege secrets to an agent without review.
Persistence & Privilege
The skill does not request persistent presence, special agent privileges, or modify other skills. Defaults for autonomous invocation remain, which is normal; there is no evidence this skill abuses that capability.
Assessment
This skill is documentation and appears internally consistent with that purpose. Before you use it or run any example code: - Treat company/username/password mentioned in the docs as sensitive: create a dedicated automation account with minimal privileges for testing. Do not reuse high-privilege credentials. - Example commands (pkill, Stop-Process) will kill processes — run them only when you intend to stop the client and understand the impact. - Example code downloads ChromeDriver from googlechromelabs and refers to CDN download links; verify the URLs and checksum/contents before running in production. - The docs mention --listen_ip which can expose remote control; avoid enabling remote listening on untrusted networks. - Because this is read-only documentation (no install), the main risk is from actually executing provided snippets — review and run examples in an isolated/test environment and with least-privilege credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d78e5j1j7em4qzgfnm87cms83m974

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments