Stealth Browser

Access websites with advanced bot protection to fetch HTML, screenshots, PDFs, or multiple pages in parallel using isolated browser contexts.

This skill appears to do what it claims (stealth browsing), but there are a few practical risks you should weigh before installing: - Command-injection risk: The skill constructs shell commands by inserting user-provided URLs/arguments directly into execSync calls. If untrusted input reaches those args, it could be abused to run arbitrary shell commands. Ask the author to properly escape/avoid shell interpolation or run the child process with execFile/spawn and argument arrays. - Auto-install side-effect: onLoad runs 'npm install' in the skill directory, which will fetch many packages from the public npm registry and place them on disk. That means code is pulled and executed at load time — consider running this in an isolated environment or vetting the package-lock.json and packages first. - Sandbox flags: The browser is launched with --no-sandbox and --disable-setuid-sandbox. Those flags are often required in certain environments but reduce process isolation; avoid running this on a high-value host or run inside a hardened container. - Filesystem and network access: The skill writes output to /tmp and performs arbitrary network requests to target sites (including sites behind bot protections). Ensure this behavior is acceptable for your environment and that you are not violating terms of service or local policies. Recommendations: only use in an isolated VM/container, review/verify package-lock.json or run npm install in an offline/vetted mirror, request the author to fix unsafe execSync usage (use argument arrays or escaping), and confirm you are comfortable with automatic dependency installation and running Chromium with the provided flags.

Type: OpenClaw Skill Name: xthezealot-stealth-browser Version: 1.0.0 The skill is classified as suspicious due to a critical shell injection vulnerability in `index.js`. User-provided URLs are directly concatenated into a command executed via `child_process.execSync` without proper sanitization. This allows an attacker to inject arbitrary shell commands, leading to potential Remote Code Execution (RCE) on the host system. For example, a crafted URL like `https://example.com; rm -rf /` could execute `rm -rf /`. While the core functionality of a 'stealth browser' is benign, this severe input sanitization flaw makes the skill highly risky, even though there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence) by the skill's developer.