Browser Cash
Malicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is explicitly designed to evade website anti-bot protections for scraping and automation, and it can preserve logged-in browser session data through an external provider.
Avoid installing this skill unless you have a clearly authorized, legitimate testing need. Its advertised purpose is to bypass website anti-bot defenses, and its persistent profiles can retain sensitive logged-in session data with an external provider.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill could violate website rules, trigger account or IP bans, and enable harmful automation against third-party services.
The skill's primary advertised use is to evade third-party anti-bot controls for automation and scraping, which goes beyond normal browser automation and can facilitate unauthorized activity.
These sessions bypass common anti-bot protections (Cloudflare, DataDome, etc.), making them ideal for scraping, testing, and automation tasks that would otherwise get blocked.
Do not install for general use. If there is a legitimate need, restrict it to authorized testing on systems you own or have explicit permission to test.
A reused persistent profile could let the agent act as a logged-in user on websites, including submitting forms or changing account data.
Persisted browser profiles can preserve logged-in web sessions, allowing future automation to act with the user's account state on target websites.
Profiles persist cookies, localStorage, and session data across sessions—useful for staying logged in or maintaining state.
Use disposable profiles, avoid logging into sensitive accounts, require explicit approval for each target site, and delete profiles after use.
Sensitive login/session data may remain stored in Browser.cash profiles and be reused in later tasks.
The skill supports storing browser cookies and local storage after the task ends, but the artifact does not describe retention limits, isolation, or who can access that persisted session data.
`profile.persist` | boolean | Save cookies/storage after session ends
Keep persistence disabled unless necessary, use separate throwaway profiles, and delete profiles after each authorized session.
Installing latest npm packages can change the local environment and inherits normal package supply-chain risk.
The skill tells the agent/user to install unpinned npm packages at first use. This is expected for Playwright/Puppeteer automation, but it is not captured in an install spec and relies on current npm package provenance.
cd ~/clawd && npm install playwright puppeteer-core
Pin package versions, review the install step before running it, and declare dependencies in a proper install specification.
The agent may run local Node.js commands as part of browser automation.
The skill recommends local exec/Node.js execution to drive remote browser sessions. This is aligned with the stated CDP automation purpose, but it is a powerful execution path.
Use Playwright or Puppeteer in an exec block to connect directly to the CDP URL:
Review generated exec commands before running them and avoid granting this skill autonomous use on untrusted tasks.
