Camoufox Tools
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is disclosed as an anti-detection web scraper that can bypass site controls and run JavaScript in browser pages, and its claimed command implementations are missing from the reviewed files.
Treat this as a high-risk browser automation skill. Install only if you have explicit permission to automate the target sites, avoid using it on logged-in or sensitive pages, and wait for the missing fox-* command files to be provided and reviewed before trusting the package.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this could help an agent perform scraping or automation that websites are trying to block, which may violate site rules or cause account/IP risk.
The skill explicitly advertises anti-detection browser automation that can bypass Bilibili-style risk controls, which goes beyond ordinary browser automation and may evade site protections.
- **反检测**: camoufox 是基于 Firefox 的防指纹浏览器,能绕过 Bilibili 等网站的风控
Only use this on sites where you have permission to automate, and avoid using it to bypass anti-bot, anti-abuse, or risk-control systems.
An agent could run script inside a browser page and potentially interact with page content or an authenticated session.
The skill exposes arbitrary JavaScript execution in the current browser page. If used on a logged-in or sensitive page, this could read page data or trigger actions without safer scoped workflows.
### 3. fox-eval - 执行 JavaScript 在当前页面执行 JavaScript 代码。
Use fox-eval only on pages you trust and only with JavaScript you understand; avoid running it on logged-in financial, business, or account-management pages.
Users cannot verify what the advertised browser automation commands actually do from the provided package, or the skill may simply be incomplete.
The installer expects executable fox-* tools under a bin directory, but the provided manifest contains only SKILL.md and install.sh. The main command implementations are therefore missing from the reviewed artifacts.
BIN_DIR="$SCRIPT_DIR/bin" ... for tool in "$BIN_DIR"/fox-*; do
Do not install until the full bin/fox-* command files are included and reviewed, or obtain them from a trusted, pinned source.
Future terminal sessions may run commands from this skill's bin directory first if names collide with other commands.
The installer persistently modifies the user's shell startup file to prepend the skill's bin directory to PATH. This is disclosed setup behavior, but it affects future shell sessions.
echo "# camoufox-tools" >> "$shell_rc" echo "$export_line" >> "$shell_rc"
Review the shell startup file after installation and remove the added PATH line if you no longer want the skill active.