Human Browser Use
MaliciousAudited by ClawScan on May 10, 2026.
Overview
This skill is explicitly designed to make automated browsing look human and bypass anti-bot protections such as Cloudflare and reCAPTCHA.
Avoid installing this skill. Its advertised purpose is to make an AI-driven browser appear human and bypass anti-bot systems such as Cloudflare, reCAPTCHA, and DataDome. That is unsafe for normal use and may violate website rules or laws unless performed in a clearly authorized security-testing environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could automate activity on sites that are intentionally trying to prevent bot access.
The skill explicitly instructs use when a site has anti-bot protections, making the browser automation tool suitable for bypassing controls that are intended to block automated agents.
The target site has anti-bot detection (Cloudflare, reCAPTCHA, DataDome, etc.)
Do not install or use this skill unless you have clear authorization for controlled testing; avoid using automation to bypass third-party site protections.
This can cause websites or services to treat automated behavior as if it came from a real human user.
The skill is designed to conceal that browser actions are automated, which can deceive websites and abuse trust assumptions about human users.
You need to hide automation fingerprints (`navigator.webdriver`, WebGL, etc.)
Avoid tools whose purpose is to impersonate human browsing or hide automation identity from services.
Users would be running unreviewed third-party code to perform high-risk stealth browser automation.
The instruction-only skill requires installing an external package, while the provided metadata shows an unknown source, no homepage, no install spec, and no reviewed code files for the package behavior.
pip install human-browser-use
Do not install unreviewed automation packages from unknown provenance, especially for sensitive browser sessions or anti-bot bypass use cases.
A browser session may keep state, cookies, or open pages between actions if not explicitly closed.
The persistence is disclosed, but it means browser state can remain active across commands unless the user closes or resets it.
The browser stays alive between commands.
If used in an authorized environment, close or reset sessions after each task and avoid using personal logged-in browser profiles.