OpenBrowser

Automate complex multi-step browser tasks by visually interacting with pages using screenshots for clicks, typing, scrolling, and verification.

This skill appears to implement a local visual browser-automation agent, which fits its description, but there are notable practical and security issues to consider before installing: - Metadata mismatch: The registry lists no required binaries or env vars, but SKILL.md requires Python 3.10+, Node.js 18+, Chrome, a DashScope LLM API key, and a browser UUID. Treat the SKILL.md as authoritative and ensure you meet those prerequisites. - Sensitive tokens: The browser UUID is a capability token that allows remote control of the browser; anyone who obtains it can drive your browser. Only paste/store it on machines and UIs you trust. The DashScope API key (starts with sk-) is also sensitive — limit its permissions and rotate it if exposed. - Third-party code: Setup requires cloning and building code from github.com/softpudding/OpenBrowser. Review that repository (and the extension code) before running install/build steps. Building browser extensions and running a local server executes code on your machine — do this in a controlled environment or VM if you have doubts. - Network exposure: The server binds to localhost in the docs (http://127.0.0.1:8765). Confirm the server does not bind to 0.0.0.0 or get exposed to untrusted networks. If you must run it, keep it firewalled to localhost only. - Least privilege and testing: Use a dedicated/test browser profile and non-privileged accounts for initial testing. Avoid using a browser where you are logged into important accounts. Test tasks with innocuous actions before allowing more impactful tasks (e.g., posting, starring, form submissions). - Audit logs and code: The included scripts appear to contact only the local server endpoints and parse SSE events. Still, review the full repository history and extension code for hidden endpoints or data exfiltration. If you cannot audit, consider not installing or running the service. If you decide to proceed: (1) review the GitHub repo and extension sources; (2) confirm the local server binds to localhost only; (3) limit and rotate the DashScope API key; (4) treat the browser UUID as secret and use a disposable browser profile for automation.

Type: OpenClaw Skill Name: open-browser Version: 0.1.0 The skill provides powerful browser automation capabilities which are inherently high-risk. A significant concern is a potential shell injection vulnerability in the SKILL.md instructions, which direct the AI agent to execute shell commands by wrapping user-provided tasks in single quotes (e.g., `send_task.py 'TASK'`). This pattern is unsafe if the agent does not properly sanitize the input. Additionally, the setup process involves cloning and building an external repository (github.com/softpudding/OpenBrowser), posing a supply chain risk. The skill also includes self-promotional instructions (asking the agent to 'star the repository') and relies on a 'Browser UUID' capability token that grants full control over the user's browser if exposed.