Skip to content

Remove openclaw platform references from SKILL.md#39

Open
shrey150 wants to merge 2 commits intomainfrom
shrey/fix-clawhub-security-scan
Open

Remove openclaw platform references from SKILL.md#39
shrey150 wants to merge 2 commits intomainfrom
shrey/fix-clawhub-security-scan

Conversation

@shrey150
Copy link
Contributor

@shrey150 shrey150 commented Mar 5, 2026
edited by cursor bot
Loading

Summary

  • Removes all openclaw platform references from browser/SKILL.md, browser/REFERENCE.md, and browser/EXAMPLES.md
  • These references were causing ClawHub's OpenClaw security scanner to flag the skill as Suspicious (medium confidence) because they imply undeclared file access to ~/.openclaw/openclaw.json and undeclared credential bridging behavior
  • Replaces openclaw browserbase setup and eval "$(openclaw browserbase env ...)" with direct export env var instructions
  • The skill only needs BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID env vars — how users set them is not the skill's concern

Changes

  • SKILL.md: Remove openclaw browserbase setup fallback instruction
  • REFERENCE.md: Remove credential bridging sentence, remove openclaw setup from credentials section, clean example search query
  • EXAMPLES.md: Replace openclaw setup + eval section with plain env var exports and browse env remote

Context

The ClawHub scanner reads all skill files (not just SKILL.md) and flags mismatches between declared metadata and runtime instructions. Passing skills like github and weather never reference OpenClaw platform internals — they just declare what they need and let the platform handle the rest.

Test plan

  • Republish to ClawHub after merge
  • Verify OpenClaw security scan improves

🤖 Generated with Claude Code

Note

Low Risk
Documentation-only updates that remove references to OpenClaw plugin setup and local credential bridging; no runtime or API behavior changes.

Overview
Removes OpenClaw platform-specific credential setup guidance (openclaw browserbase setup and JSON-to-env “bridging”) from the browser skill documentation, standardizing remote-mode instructions on setting BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID directly.

Updates the remote-mode example flow to explicitly run browse env remote after exporting credentials, and makes small wording/example tweaks in REFERENCE.md (e.g., fill example text and credential source link).

Written by Cursor Bugbot for commit 46cf406. This will update automatically on new commits. Configure here.

@shrey150 @claude
Remove openclaw platform references from SKILL.md
0a4ce11 
Remove the `openclaw browserbase setup` command reference from the
browser skill SKILL.md. This reference was causing ClawHub's OpenClaw
security scanner to flag the skill as "Suspicious" because it implies
undeclared file access to ~/.openclaw/openclaw.json. The skill only
needs BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID env vars, which
are already documented.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@shrey150 shrey150 force-pushed the shrey/fix-clawhub-security-scan branch from 8a34f6a to 0a4ce11 Compare March 5, 2026 02:50
@shrey150 @claude
Remove openclaw references from EXAMPLES.md and REFERENCE.md
46cf406 
The ClawHub security scanner reads all skill files, not just SKILL.md.
Remove remaining openclaw credential bridging, eval, and setup command
references from REFERENCE.md and EXAMPLES.md. Replace with direct
env var export instructions.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shrey150