Scan Report
5/100
Server Browser Automation
A complete solution for OpenClaw browser automation on servers without a desktop environment
Legitimate browser automation skill that sets up XFCE desktop, VNC, and Chrome for OpenClaw integration with no malicious behavior detected.
Safe to install
This skill is safe for use. No additional security controls needed beyond standard system administration practices.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | install.sh creates config files in ~/.vnc/, ~/.openclaw/ |
| Shell | WRITE | WRITE | ✓ Aligned | install.sh requires sudo; SKILL.md line 250 documents troubleshooting shell comm… |
| Network | READ | READ | ✓ Aligned | Downloads from dl.google.com for Chrome installation |
| Environment | NONE | NONE | — | No environment variable access detected |
| Skill Invoke | NONE | NONE | — | No inter-skill invocation detected |
| Clipboard | NONE | NONE | — | No clipboard access detected |
| Browser | WRITE | WRITE | ✓ Aligned | Core purpose: browser automation with Chrome remote debugging |
| Database | NONE | NONE | — | No database access detected |
11 findings, 1 Critical
| Severity | Type | Evidence | Location |
|---|---|---|---|
| Critical | Dangerous Command | rm -rf ~ | SKILL.md:250 |
| Medium | External URL | https://dl.google.com/linux/linux_signing_key.pub | README.md:17 |
| Medium | External URL | http://dl.google.com/linux/chrome/deb/ | README.md:18 |
| Medium | External URL | https://www.douyin.com | README.md:40 |
| Medium | External URL | https://www.example.com | SKILL.md:145 |
| Medium | External URL | https://item.jd.com/xxx.html | SKILL.md:192 |
| Medium | External URL | http://127.0.0.1:18800/json/list | SKILL.md:226 |
| Medium | External URL | https://docs.openclaw.ai | SKILL.md:354 |
| Medium | External URL | https://chromedevtools.github.io/devtools-protocol/ | SKILL.md:355 |
| Medium | External URL | https://www.realvnc.com/en/connect/docs/ | SKILL.md:356 |
| Medium | External URL | https://docs.xfce.org/ | SKILL.md:357 |
File Tree
4 files · 15.8 KB · 593 lines
Markdown 2f · 433L
Shell 1f · 125L
JSON 1f · 35L
├─ install.sh (Shell)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 2 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| google-chrome-stable | latest | apt (Google repository) | No | Standard installation from official Google repo |
| xfce4, tigervnc-standalone-server | latest | apt (Ubuntu repository) | No | Standard system packages |
Security Positives
✓ SKILL.md comprehensively documents all functionality including shell commands
✓ rm -rf command at line 250 is scoped to browser profile directory (~/.config/openclaw-browser-openclaw), not home directory
✓ Chrome installation downloads from official Google repository
✓ No credential harvesting or API key extraction
✓ No obfuscated code, base64 execution, or reverse shell patterns
✓ No C2 communication or data exfiltration
✓ VNC password requires interactive user input (vncpasswd)
✓ Install script properly checks for root/sudo privileges