Server Browser Automation 安全扫描报告 — 可信 | ClawSafe

5 /100

Server Browser Automation

在无桌面服务器上实现 OpenClaw 浏览器自动化的完整解决方案

Legitimate browser automation skill that sets up XFCE desktop, VNC, and Chrome for OpenClaw integration with no malicious behavior detected.

技能名称Server Browser Automation

分析耗时35.9s

引擎pi

✓

可以安装

This skill is safe for use. No additional security controls needed beyond standard system administration practices.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	install.sh creates config files in ~/.vnc/, ~/.openclaw/
命令执行	`WRITE`	`WRITE`	✓ 一致	install.sh requires sudo; SKILL.md line 250 documents troubleshooting shell comm…
网络访问	`READ`	`READ`	✓ 一致	Downloads from dl.google.com for Chrome installation
环境变量	`NONE`	`NONE`	—	No environment variable access detected
技能调用	`NONE`	`NONE`	—	No inter-skill invocation detected
剪贴板	`NONE`	`NONE`	—	No clipboard access detected
浏览器	`WRITE`	`WRITE`	✓ 一致	Core purpose: browser automation with Chrome remote debugging
数据库	`NONE`	`NONE`	—	No database access detected

1 严重 11 项发现

💀

严重危险命令危险 Shell 命令

rm -rf ~

SKILL.md:250

🔗

中危外部 URL 外部 URL

https://dl.google.com/linux/linux_signing_key.pub

README.md:17

🔗

中危外部 URL 外部 URL

http://dl.google.com/linux/chrome/deb/

README.md:18

🔗

中危外部 URL 外部 URL

https://www.douyin.com

README.md:40

🔗

中危外部 URL 外部 URL

https://www.example.com

SKILL.md:145

🔗

中危外部 URL 外部 URL

https://item.jd.com/xxx.html

SKILL.md:192

🔗

中危外部 URL 外部 URL

http://127.0.0.1:18800/json/list

SKILL.md:226

🔗

中危外部 URL 外部 URL

https://docs.openclaw.ai

SKILL.md:354

🔗

中危外部 URL 外部 URL

https://chromedevtools.github.io/devtools-protocol/

SKILL.md:355

🔗

中危外部 URL 外部 URL

https://www.realvnc.com/en/connect/docs/

SKILL.md:356

🔗

中危外部 URL 外部 URL

https://docs.xfce.org/

SKILL.md:357

目录结构

4 文件 · 15.8 KB · 593 行

Markdown 2f · 433L Shell 1f · 125L JSON 1f · 35L

├─ 🔧 install.sh Shell 125L · 3.2 KB

├─ 📋 package.json JSON 35L · 751 B

├─ 📝 README.md Markdown 55L · 1.3 KB

└─ 📝 SKILL.md Markdown 378L · 10.5 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`google-chrome-stable`	`latest`	apt (Google repository)	否	Standard installation from official Google repo
`xfce4, tigervnc-standalone-server`	`latest`	apt (Ubuntu repository)	否	Standard system packages

安全亮点

✓ SKILL.md comprehensively documents all functionality including shell commands

✓ rm -rf command at line 250 is scoped to browser profile directory (~/.config/openclaw-browser-openclaw), not home directory

✓ Chrome installation downloads from official Google repository

✓ No credential harvesting or API key extraction

✓ No obfuscated code, base64 execution, or reverse shell patterns

✓ No C2 communication or data exfiltration

✓ VNC password requires interactive user input (vncpasswd)

✓ Install script properly checks for root/sudo privileges