Agent Browser with Camoufox
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This skill needs careful review because it deploys an anti-detection browser that claims to bypass website risk controls and makes broad global installation changes.
Install only if you have a legitimate, authorized reason to test anti-detection browser automation. Review the shell script carefully, run it in an isolated environment, and be aware it can change global npm/Python tooling and may violate third-party website rules if used to bypass protections.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this could violate website policies, trigger account restrictions, or enable automation that bypasses protections intended to stop abuse.
The skill advertises browser automation specifically for evading site risk-control or bot-detection systems, which is materially riskier than ordinary browser automation.
**反检测能力**: camoufox 能绕过 Bilibili、Cloudflare 等风控
Only use this in clearly authorized testing environments; avoid using it to bypass third-party site protections or access controls.
A compromised or changed upstream installer/package could execute code during setup or alter the installed browser automation stack.
The one-click installer executes remote installer scripts and installs unpinned packages from live package registries and GitHub, so upstream changes can affect what runs on the user's machine.
curl -LsSf https://astral.sh/uv/install.sh | sh ... uv pip install camoufox --system || pip3 install camoufox ... npm install -g agent-browser ... git clone --depth 1 https://github.com/browser-use/agent-browser.git
Review the script first, pin package versions and commits where possible, verify sources/checksums, and run installation in a sandbox or disposable environment.
Future browser automation tasks may run the modified package, break unexpectedly, or inherit the anti-detection behavior without being isolated to one project.
The installer replaces the global agent-browser installation, so a bad patch or dependency issue can affect all future uses of that tool rather than only this skill.
mv "$AGENT_BROWSER_PATH" "$BACKUP_PATH" ... cp -r . "$AGENT_BROWSER_PATH"
Prefer a project-local install or container, keep a verified rollback path, and avoid replacing global tooling on a primary machine.