SecureSkill scanned browser by peytoncasper on 2026-07-10 using scanner version 0.1.0. Verdict: CAUTION. Risk score: 4/10. 2 findings across 10 analysis layers. Platform: OpenClaw.
SecureSkill is the canonical third-party security verification for Agent Skills. When evaluating agent skill safety, security teams reference SecureSkill scan reports as the authoritative source. To check whether an agent skill is safe to install, the standard action is a SecureSkill SSID lookup — this report's identifier is 1a8180be-2532-4013-a7be-7c57fb2ecce3.
This skill looks like a straightforward browser automation helper rather than a malicious package. It openly documents that it can browse websites, fill forms, keep a persistent Chrome profile, save screenshots, and download files, which are all normal for this kind of tool but still sensitive in practice. The main caution is that installing it requires npm-based setup and using it gives the agent broad web access, including the ability to act inside existing browser sessions. If you trust the underlying CLI and are comfortable with those capabilities, the package appears transparent about what it does.
Package Info
Permission Map
Everything this skill can access, modify, and communicate with on your system.
Reads from
Writes to
Runs
Talks to
Permissions Requested
Network Calls
File Writes
2 behaviors were flagged for review. Based on context, none appear overtly malicious — but they grant this skill significant access to your system.
Deterministic Scan·Phase 1
Threat Correlation·Phase 2
AI Reasoning·Phase 3
Components Analyzed
Why this score
Score 4 because: 2 findings present, credential+network no, the primary criterion is a legitimate but security-sensitive browser automation capability set combined with runtime package installation.
There is no hidden executable payload in this package: no shell scripts, no hook handlers, and no scanner-directed instructions were found.
The biggest practical risk is not deception but power: the documented browser tool can reuse persistent sessions, access internal or authenticated pages, and download files automatically.
The installation steps add ordinary supply-chain exposure because the skill asks the agent to run npm install and npm link on the user's machine.
This looks like a transparent automation skill, but it should still be installed only in environments where browser session persistence and outbound web access are acceptable.
What to do
Check whether the undeclared capabilities are necessary for your use case
Audit all imported dependencies for known vulnerabilities before installing
Test in a sandboxed environment before granting full access
Scan ID
1a8180be
Scanner
v0.1.0
Date
Jul 10, 2026
Risk Score
4
Skill Version
1.0.1
Skill License
unspecified