Trusted — Risk score 5/100
Last scan: 18 hours ago
open-browser
Visual AI browser automation via OpenBrowser Agent — sees pages via screenshots and simulates human browser interactions
OpenBrowser is a legitimate visual AI browser automation skill with no malicious behavior — all operations are local, subprocess usage is documented, and no credentials are exfiltrated.
Skill name: open-browser
Analysis time: 31.9s
Engine: pi
Verdict: safe to install
No action needed. The skill is safe to use as described.
Resource type | Declared permission | Inferred permission | Status | Evidence
File system | READ | READ | ✓ consistent | Scripts read from local server only; no arbitrary file writes without user conse…
Network access | READ | READ | ✓ consistent | All HTTP/WebSocket calls target localhost:8765; DashScope API is the intended AI…
Command execution | WRITE | WRITE | ✓ consistent | subprocess.Popen used for background task execution, explicitly documented in SK…
Environment variables | READ | READ | ✓ consistent | OPENBROWSER_CHROME_UUID read from env, used only for local server registration
Browser | WRITE | WRITE | ✓ consistent | Chrome extension browser control via WebSocket, the core purpose of the skill
4 findings

Medium · External URL · https://dashscope.aliyun.com/ (SKILL.md:111)
Medium · External URL · http://127.0.0.1:8765 (references/api_reference.md:7)
Medium · External URL · https://dashscope.aliyuncs.com/compatible-mode/v1 (references/api_reference.md:56)
Medium · External URL · https://docs.astral.sh/uv/ (references/setup.md:7)

Directory structure

6 files · 34.5 KB · 1280 lines
Markdown: 4 files · 778 lines; Python: 2 files · 502 lines
├─ 📁 references
│ ├─ 📝 api_reference.md Markdown 336L · 6.1 KB
│ ├─ 📝 setup.md Markdown 97L · 2.2 KB
│ └─ 📝 troubleshooting.md Markdown 169L · 3.7 KB
├─ 📁 scripts
│ ├─ 🐍 check_status.py Python 177L · 5.8 KB
│ └─ 🐍 send_task.py Python 325L · 11.0 KB
└─ 📝 SKILL.md Markdown 176L · 5.7 KB

Security highlights

✓ All network operations are local (127.0.0.1:8765) except DashScope API for browser automation
✓ No credential harvesting or environment variable iteration for sensitive keys
✓ No base64, eval, or obfuscated code patterns
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive host paths
✓ No data exfiltration or C2 communication
✓ Subprocess usage is explicitly declared and documented in SKILL.md
✓ Browser UUID is a local capability token — not a secret, scoped to the local server
✓ No supply chain risks — all dependencies are from known package managers with pinned tooling
✓ Scripts are readable, well-structured Python with no hidden functionality