Skip to content

[GRO-1166] Remove openclaw platform references from SKILL.md#39

Merged
shrey150 merged 3 commits intomainfrom
shrey/fix-clawhub-security-scan
Mar 24, 2026
Merged

[GRO-1166] Remove openclaw platform references from SKILL.md#39
shrey150 merged 3 commits intomainfrom
shrey/fix-clawhub-security-scan

Conversation

@shrey150
Copy link
Copy Markdown
Contributor

@shrey150 shrey150 commented Mar 5, 2026
edited by cursor bot
Loading

Summary

  • Removes all openclaw platform references from browser/SKILL.md, browser/REFERENCE.md, and browser/EXAMPLES.md
  • These references were causing ClawHub's OpenClaw security scanner to flag the skill as Suspicious (medium confidence) because they imply undeclared file access to ~/.openclaw/openclaw.json and undeclared credential bridging behavior
  • Replaces openclaw browserbase setup and eval "$(openclaw browserbase env ...)" with direct export env var instructions
  • The skill only needs BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID env vars — how users set them is not the skill's concern

Changes

  • SKILL.md: Remove openclaw browserbase setup fallback instruction
  • REFERENCE.md: Remove credential bridging sentence, remove openclaw setup from credentials section, clean example search query
  • EXAMPLES.md: Replace openclaw setup + eval section with plain env var exports and browse env remote

Context

The ClawHub scanner reads all skill files (not just SKILL.md) and flags mismatches between declared metadata and runtime instructions. Passing skills like github and weather never reference OpenClaw platform internals — they just declare what they need and let the platform handle the rest.

Test plan

  • Republish to ClawHub after merge
  • Verify OpenClaw security scan improves

🤖 Generated with Claude Code

Note

Low Risk
Low risk documentation-only updates that change setup guidance for remote mode; main risk is users following outdated Browserbase credential requirements.

Overview
Removes OpenClaw platform/setup references from the browser skill docs and examples, replacing openclaw browserbase setup/credential-bridging instructions with direct export BROWSERBASE_API_KEY=... guidance.

Updates remote-mode documentation throughout to reflect that Browserbase sessions require only BROWSERBASE_API_KEY (dropping BROWSERBASE_PROJECT_ID mentions) and tweaks a couple of CLI examples accordingly.

Written by Cursor Bugbot for commit dfe2383. This will update automatically on new commits. Configure here.

@shrey150 shrey150 force-pushed the shrey/fix-clawhub-security-scan branch from 8a34f6a to 0a4ce11 Compare March 5, 2026 02:50
shrey150
shrey150 commented Mar 24, 2026
View reviewed changes
Comment thread skills/browser/EXAMPLES.md Outdated
@shrey150 shrey150 changed the title Remove openclaw platform references from SKILL.md [GRO-1166] Remove openclaw platform references from SKILL.md Mar 24, 2026
Kylejeong2
Kylejeong2 approved these changes Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Kylejeong2 Kylejeong2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will this confirm removing the suspicious flag from openclaw? PR itself looks good to me so approving

shrey150 and others added 3 commits March 24, 2026 12:48
@shrey150 @claude
Remove openclaw platform references from SKILL.md
fe6b8c9 
Remove the `openclaw browserbase setup` command reference from the
browser skill SKILL.md. This reference was causing ClawHub's OpenClaw
security scanner to flag the skill as "Suspicious" because it implies
undeclared file access to ~/.openclaw/openclaw.json. The skill only
needs BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID env vars, which
are already documented.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@shrey150 @claude
Remove openclaw references from EXAMPLES.md and REFERENCE.md
cbe873a 
The ClawHub security scanner reads all skill files, not just SKILL.md.
Remove remaining openclaw credential bridging, eval, and setup command
references from REFERENCE.md and EXAMPLES.md. Replace with direct
env var export instructions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@shrey150 @claude
Remove BROWSERBASE_PROJECT_ID from browser skill docs
dfe2383 
browse-cli 0.2.0 infers the project from the API key, so
BROWSERBASE_PROJECT_ID is no longer needed for remote mode.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@shrey150 shrey150 force-pushed the shrey/fix-clawhub-security-scan branch from e2f659b to dfe2383 Compare March 24, 2026 19:49
@shrey150 shrey150 merged commit 1f532a1 into main Mar 24, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kylejeong2 Kylejeong2 Kylejeong2 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shrey150 @Kylejeong2