API-key-free online research via the built-in browser tool. Use this skill when web_search fails due to missing keys, and you still need web evidence.
Security Analysis
high confidenceThe skill's code, runtime instructions, and requested access largely match its stated purpose (checking/using a local browser tool for web retrieval); no signs of hidden network exfiltration or unrelated credential access were found, though there are a few operational notes to review.
Name/description (API-key-free browser research) align with the included code: index.js invokes a local Python guard and returns guidance for manual/agent-driven browser use. The files focus on detecting a locally-available OpenClaw browser node and do not request unrelated cloud credentials or services.
SKILL.md directs running a browser guard script and using the built-in browser tool; the guard script (scripts/browser_guard.py) reads recent OpenClaw session log files and invokes the local 'openclaw browser status --json' command to determine availability. Reading session logs is within the stated purpose (to infer browser availability), but those logs may contain prior user queries or state — the user should be aware the script parses local session files. Also SKILL.md includes a path 'skills/browser-research-lite/scripts/browser_guard.py' that does not match the repository layout (script actually at scripts/browser_guard.py), an operational inconsistency to fix.
No install specification and no third-party network downloads; the skill is instruction/code-only and runs local scripts. That is low-risk from an installer perspective.
The skill declares no required env vars or credentials, and indeed does not ask for API keys. However, the guard script accesses files under ~/.openclaw/agents/main/sessions (user home) and executes the local 'openclaw' CLI. That is proportionate for detecting a local browser node, but it does give the skill read access to session logs which may contain sensitive conversational context.
The skill does not request always:true, does not modify other skill configs, and contains no install-time persistence. It only runs local checks and returns status; normal autonomous invocation is permitted by default but not flagged here.
Guidance
This skill appears to do what it says: check whether a local OpenClaw browser node is available and then guide browsing-based retrieval. Before installing, note two things: (1) the guard script reads recent session files under ~/.openclaw/agents/main/sessions and runs the local 'openclaw' CLI — those session logs can contain prior conversation context, so only install if you trust the skill/source and are comfortable with local log reads; (2) SKILL.md references a script path that doesn't match the repo layout (an operational bug you may need to fix). If you want extra assurance, inspect scripts/browser_guard.py yourself and verify it only prints JSON locally (it does) and does not send data externally. If you don't want local session logs to be read, do not install or modify the script to restrict file access.
Latest Release
v1.0.0
- Initial release of browser-research-lite skill. - Enables API-key-free online research using the built-in browser tool. - Designed to serve as a fallback when other web search skills fail due to missing API keys. - Provides step-by-step workflow for reliable web evidence retrieval and source quality control. - Includes clear policies on when to use browser-based research, trusted sources, and fallback procedures. - Adds instructions for handling browser/tool availability and reporting improvements to benchmarks.
Popular Skills
Published by @wanng-ide on ClawHub
