v1.0.0

SmoothBrowser

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:23 AM.

Analysis

SmoothBrowser appears purpose-built for web automation, but it gives an external browser agent broad, persistent access to logged-in websites and should be reviewed carefully before installation.

Guidance: Install only if you are comfortable delegating web browsing to Smooth's external browser agent. Verify the smooth-py package, use narrow allowed-URL scopes, keep separate profiles for each service, avoid persisting sensitive sessions unless needed, and manually approve any action that submits forms, changes account data, posts content, or spends money.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Browser for AI agents to carry out any task on the web... fill forms... log into... any browser interaction request. ... --allowed-urls ... (optional)

The skill invites broad browser automation, including logged-in and form-submission workflows, while URL restriction is presented as optional rather than a default safety boundary.

User impact: An agent could be delegated broad website actions, including actions on logged-in accounts, unless the user adds clear limits and reviews sensitive steps.
Recommendation: Use explicit site and task boundaries, prefer allowed URL restrictions, and require human confirmation before submitting forms, posting content, making purchases, or changing account data.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
If not, you can install it by running: pip install smooth-py

The skill depends on an external pip package that is not pinned in the artifact; this is a normal setup pattern for a CLI-backed skill but should be verified before installation.

User impact: Installing the wrong or compromised package could affect the local environment.
Recommendation: Verify the package name, publisher, and version from an official Smooth source before installing, and consider pinning a known-good version.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
Profiles are useful to persist cookies, login sessions, and browser state between sessions. ... smooth run -- <session-id> "Create a new issue in my repo 'my-project'"

The skill is designed to retain authenticated website sessions and reuse them for account actions, which is high-impact delegated authority over third-party accounts.

User impact: A reused profile could allow the agent to act as the logged-in user on websites, including creating or modifying content and account data.
Recommendation: Use separate profiles per service, avoid storing sensitive sessions unless necessary, use read-only profiles where possible, and approve account-changing actions manually.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium, Confidence: High, Status: Concern
SKILL.md
Keep profiles organized: Save to memory which profiles authenticate to which services so you can reuse them efficiently in the future.

The skill asks the agent to persist mappings between services and authenticated browser profiles, creating durable context that can affect future tasks.

User impact: Future requests could accidentally reuse the wrong logged-in account or rely on stale or poisoned memory about which profile belongs to which service.
Recommendation: Only store profile mappings with clear user consent, keep names specific, periodically remove old profile memories, and confirm the intended account before reuse.

Insecure Inter-Agent Communication
Severity: Low, Confidence: Medium, Status: Note
SKILL.md
Get an API key at https://app.smooth.sh ... --metadata '{"email":"user@example.com","name":"John Doe"}' ... built-in proxy

The skill uses an external Smooth service/API and proxy and supports passing user metadata into browser tasks; this is expected for the product but sensitive data boundaries are not detailed in the artifact.

User impact: Information included in prompts, metadata, browsing sessions, or proxied traffic may be handled by the Smooth provider as part of the automation.
Recommendation: Avoid sending unnecessary personal or confidential data, review the provider's privacy and security terms, and disable the proxy when direct connections are required.