Scan Report
5/100
web-llm-chat
Chat with web-based LLMs through Chrome Relay extension for Qwen AI
Legitimate Chrome Relay automation tool for Qwen Chat with no malicious behavior detected.
Safe to install
This skill is safe to use as documented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Network | READ | READ | ✓ Aligned | WebSocket to localhost:18792 only |
| Filesystem | READ | READ | ✓ Aligned | Reads openclaw.json for auth token only |
| Shell | WRITE | WRITE | ✓ Aligned | node scripts/qwen_chat.js commands |
1 finding
Medium External URL
https://chat.qwen.ai/c/... SKILL.md:120
File Tree
5 files · 54.5 KB · 1549 lines
JavaScript 1f · 897L
Markdown 3f · 647L
JSON 1f · 5L
├─ references
│  └─ chrome-relay.md (Markdown)
├─ scripts
│  └─ qwen_chat.js (JavaScript)
├─ package.json (JSON)
├─ SKILL_CN.md (Markdown)
└─ SKILL.md (Markdown)
Dependencies 1 item
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| ws | ^8.19.0 | npm | No | Standard WebSocket library, version pinned |
Security Positives
✓ All network traffic is localhost-only (127.0.0.1:18789/18792)
✓ Only accesses ~/.openclaw for legitimate auth token derivation
✓ No external network connections or data exfiltration
✓ Uses standard Chrome DevTools Protocol for browser automation
✓ No obfuscation, base64 payloads, or suspicious code patterns
✓ Clean dependency: only 'ws' package (version pinned to ^8.19.0)
✓ Complete documentation matches implementation