v3.0.0

Stealth Browser

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:35 AM.

Analysis

This skill needs careful review because it is built for stealthy browser automation of logged-in Google/social actions, stores reusable cookies/sessions, and has under-declared install and provenance issues.

GuidanceInstall only if you fully understand the account and policy risks. Avoid using personal or business-critical Google accounts, verify the missing executable and installer provenance first, and require manual approval for any logged-in, public, captcha-solving, or bulk automation action.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

docs/VERKAUFSTEXT.md

Danach können Sie **alle Google-Dienste vollautomatisch nutzen** ... Ohne Bot-Erkennung ... Ohne manuelles Eingreifen ... YouTube-Kommentare ... Twitter/X Posts ... Blog-Kommentare posten

The skill is marketed for automated logged-in actions and public posting while bypassing bot detection, with no clear approval boundaries.

User impactIt could automate posts, comments, scraping, or other logged-in actions in ways that violate site rules, trigger account bans, or harm reputation.

RecommendationUse only where you have explicit permission, disable or avoid anti-detection/captcha-bypass workflows, and require manual confirmation for every public post, login use, or bulk action.

Agentic Supply Chain Vulnerabilities

SeverityMediumConfidenceHighStatusConcern

package.json

"files": ["SKILL.md", "README.md", "stealth-browser", "stealth-browser-v2", "install.sh", "docs/", "examples/"], "install": { "script": "install.sh" }

The package references main executables that are absent from the provided manifest, while other artifacts disagree on version/author and the registry source is unknown.

User impactA user cannot reliably tell what executable would actually run for a high-privilege browser/session tool.

RecommendationRequire a complete, consistent package with the referenced executables included, provenance verified, and versions/authors aligned before installing.

Unexpected Code Execution

SeverityMediumConfidenceHighStatusConcern

install.sh

pip3 install undetected-chromedriver selenium websocket-client --quiet ... python3 stealth-browser test

The user-directed install pulls unpinned packages and executes a local browser executable even though the registry says there is no install spec and the executable is not included in the provided files.

User impactRunning the installer could change the local environment and execute code that is not represented in the reviewed artifacts.

RecommendationDo not run the installer until dependencies are pinned, the executable is included and reviewed, and install requirements are accurately declared.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

docs/BENUTZERHANDBUCH.md

F: Ist das sicher? A: Ja, alle Daten bleiben lokal auf Ihrem Server. Cookies werden verschlüsselt gespeichert.

The docs make strong safety and encryption assurances while the supplied artifacts also encourage cookie export/import and do not include implementation evidence for the encryption claim.

User impactUsers may overtrust the skill and store valuable Google/session cookies without understanding the actual protection and exposure risks.

RecommendationTreat the safety claims as unverified until encryption, storage paths, key management, and data-retention behavior are documented and implemented in reviewed code.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

docs/BENUTZERHANDBUCH.md

nach dem Google-Login funktionieren alle Google-Dienste: Gmail, YouTube, Ads, Analytics, Search Console, etc.

A stored Google session can grant broad access to email, advertising, analytics, webmaster tools, and YouTube rather than a narrowly scoped integration token.

User impactConnecting a real Google account could let automation act across sensitive personal and business services using your logged-in session.

RecommendationDo not use a primary account; use dedicated least-privilege accounts, separate profiles, and explicit human approval for any action that reads or changes account data.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityHighConfidenceHighStatusConcern

docs/BENUTZERHANDBUCH.md

stealth-browser cookies export google ... stealth-browser cookies import google --file cookies.json ... cat /root/.openclaw/skills/stealth-browser/cookies/google_cookies.json

The docs describe persistent, importable/exportable cookie state stored on disk, creating reusable authenticated context without clear retention or protection boundaries.

User impactCookies or imported sessions could be reused later by the agent, copied, mixed between profiles, or give unintended access to accounts.

RecommendationAvoid cookie export/import unless necessary, restrict file permissions, define retention and deletion procedures, and require documented encryption/key handling before storing real account cookies.