Plugin v0.1.6

ClawScan security

Oh My Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Apr 12, 2026, 1:00 PM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's functionality matches its description (it uses a local CLI + Chrome extension to operate on your real browser session), but the recommended install method (curl|bash from a third-party domain), the required browser-extension access to cookies/logins, and the subprocess architecture raise significant security risks that you should review before installing.
Guidance
This plugin appears to do what it says (control your real Chrome via a local CLI + extension) but grants very powerful access to anything your browser is logged into. Before installing: (1) verify and audit the install script at https://api.omb.org.cn/install instead of piping it blindly to bash/iex; (2) review the Chrome extension's publisher, permissions, and source code; (3) prefer installing the CLI/extension from a trusted, signed release or vendor page; (4) consider using a dedicated Chrome profile with only the accounts you want exposed (or an isolated VM) rather than your primary browser profile; (5) be prepared to revoke the extension and CLI access and rotate credentials if you later suspect misuse. If you cannot verify the origin/trustworthiness of the omb binaries and extension, avoid installing or limit usage to low-risk accounts/environments.

Review Dimensions

Purpose & Capability
ok
Name/description align with what the code and SKILL.md do: the plugin spawns a local 'omb' CLI subprocess and proxies tool calls to a Chrome extension to operate using the user's real browser session and logged-in state. The code looks for an 'omb' binary in $OMB_PATH, ~/.omb/omb, or PATH, which is coherent with the described architecture.
Instruction Scope
note
Runtime instructions and tools (omb_search, omb_read, omb_action, etc.) stay within the described purpose (reading and interacting with web pages via the browser). However, the skill explicitly enables access to authenticated pages and full browser automation (click/fill/evaluate JS/screenshot), which inherently gives the agent broad access to any sites where your browser is logged in (email, banking, internal tools).
Install Mechanism
concern
There is no formal install spec in the registry; the README recommends running `curl -fsSL https://api.omb.org.cn/install | bash` (and a PowerShell equivalent). Download-and-run install scripts from a third-party domain are high-risk because they execute arbitrary remote code and install a native CLI and browser extension. The recommended extension/CLI hosts (api.omb.org.cn, omb.org.cn) are not a well-known canonical release host in this context; treat them as untrusted until verified.
Credentials
note
The skill requests no environment variables or external credentials in the registry metadata (no SECRET/TOKEN entries). That is proportionate in the sense that it uses the browser session rather than API keys. Nonetheless, installing the omb CLI and browser extension effectively grants the skill access to your browser cookies, sessions, and any authenticated pages — a high-privilege capability that is intrinsic to the feature and must be considered sensitive.
Persistence & Privilege
note
always:false and model invocation is allowed (default). Autonomous invocation plus the ability to operate the user's real browser increases the blast radius: an agent or tool could autonomously drive pages where you are logged in. The plugin also restarts/respawns the omb subprocess automatically; it does not request elevation or modify other plugins, which is expected behavior.