Skill v0.2.1

ClawScan security

Human Browser Use · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 14, 2026, 9:48 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches its instructions (human-like, stealthy browser automation) but it asks you to pip-install an unverified package and omits declared installs/dependencies (browser binaries, Playwright/Chromium), which is disproportionate and unexplained.
Guidance
This skill's behavior broadly matches its description, but it has notable gaps: it instructs you to pip-install an unverified package (no source/homepage provided) and does not declare required runtime dependencies (chromium/Chrome, Playwright/Selenium, or the underlying browser-use package). Before installing, ask the publisher for: (1) the package source (PyPI link and/or GitHub repo) and a checksum or vouching for the release; (2) a complete dependency list and instructions for required browser binaries; (3) an explicit statement about intended/legal use (evading anti-bot protections can violate terms of service and laws). If you proceed, review the package contents (or install inside an isolated VM/container), avoid using real credentials or production accounts with it, and prefer packages with a verifiable repository and signed releases.

Review Dimensions

Purpose & Capability
concern: The SKILL.md content aligns with the stated purpose (human-like, stealthy browser automation). However, the skill instructs use of a pip package that is not provided in the registry (no source/homepage) and does not declare required runtime dependencies (browser binary, Playwright/Selenium, or browser-use package). That gap is an incoherence: a browser-automation skill normally needs to declare external runtime dependencies.
Instruction Scope
note: Instructions are focused on browser automation and explicitly emphasize evading anti-bot measures (stealth JS, hiding navigator.webdriver, etc.). They do not ask the agent to read unrelated files or secrets. The explicit goal of bypassing anti-bot protections is legitimate for testing but also has high potential for misuse; this is a policy/ethical concern rather than a direct technical incoherence.
Install Mechanism
concern: There is no install spec in the registry and no code files. The SKILL.md tells users to run `pip install human-browser-use`, but the package source, checksum, or repository are not provided and the registry lists no install mechanism. Telling users to install an unverified PyPI package from an unknown source is risky and inconsistent with the absence of an install entry.
Credentials
ok: The skill does not request environment variables, secrets, or config paths. The only env-related guidance is setting no_proxy for local proxies, which is proportional and not suspicious.
Persistence & Privilege
ok: The skill is not always-enabled and does not request elevated persistence. It does not claim to modify other skills or global agent settings.