B0tresch Stealth Browser

Security checks across malware telemetry and agentic risk

Overview

This skill is explicitly built to defeat website anti-bot protections using stealth automation and residential proxies.

Avoid installing this skill unless you are doing authorized security or compatibility testing on sites you control. Its advertised purpose is to bypass anti-bot protections, CAPTCHAs, IP blocks, and protected-site scraping controls, which can lead to account bans, legal or policy issues, proxy costs, and added local browser risk.

VirusTotal

65/65 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

An agent using this skill could automate access to protected websites, violate site rules, trigger account or IP blocks, and enable abusive scraping or signup automation.

Why it was flagged

The skill explicitly frames defeating third-party anti-bot and access-control protections as the core workflow, not an incidental browser capability.

Skill content

bypasses bot detection, CAPTCHAs, and IP blocks ... bypass Cloudflare/Vercel protection ... scraping protected content ... signup flows

Recommendation

Do not install or use this except for explicitly authorized testing on sites you own or have permission to assess; require domain allowlists, user approval, and remove CAPTCHA/protection-bypass workflows.

ASI02: Tool Misuse and Exploitation
High
What this means

The agent can make automated traffic look more human and harder for websites to block or attribute, increasing misuse potential.

Why it was flagged

The implementation actively hides automation signals and routes traffic through a configured proxy, confirming the advertised bypass capability is executable.

Skill content

puppeteer.use(StealthPlugin()); ... Object.defineProperty(navigator, 'webdriver', { get: () => false }); ... args.push(`--proxy-server=http://${proxy.host}:${proxy.port}`);

Recommendation

Remove stealth-evasion and residential-proxy bypass behavior, or restrict it to an authorized testing harness with explicit user confirmation and target allowlists.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Visiting hostile sites through this tool may be riskier than normal browser automation because important browser safety checks are weakened.

Why it was flagged

The skill browses arbitrary user-supplied URLs while disabling Chromium sandboxing and ignoring HTTPS certificate errors, which increases local risk if a malicious page exploits the browser.

Skill content

const url = args[0]; ... await page.goto(url, { waitUntil: 'networkidle2', timeout: 30000 }); ... '--no-sandbox' ... ignoreHTTPSErrors: true

Recommendation

Keep Chromium sandboxing enabled where possible, avoid ignoring HTTPS errors by default, and run the browser in a tightly isolated container or VM.

ASI03: Identity and Privilege Abuse
Low
What this means

Using --proxy can consume paid proxy bandwidth and exposes browsing traffic to the configured proxy provider.

Why it was flagged

The skill reads local proxy credentials and uses them for outbound browsing; this is purpose-aligned for the optional proxy mode but is not declared as a registry credential or config path.

Skill content

const proxyPath = path.join(process.env.HOME, '.config/smartproxy/proxy.json'); ... page.authenticate({ username: proxy.username, password: proxy.password });

Recommendation

Use a dedicated low-privilege proxy account, protect the proxy.json file, declare the credential/config requirement, and avoid sending sensitive account sessions through the proxy.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the skill can pull and run third-party browser automation dependencies, which adds normal supply-chain exposure.

Why it was flagged

The skill requires third-party npm browser automation packages; this is expected for the stated functionality, but users should still review the dependency provenance and install from the lockfile.

Skill content

npm install ... Required packages ... puppeteer-extra ... puppeteer-extra-plugin-stealth ... puppeteer

Recommendation

Install only from a trusted reviewed copy, prefer npm ci with the supplied lockfile, and audit dependency changes before updating.