Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Stealth
v1.0.0
Stealth browser automation with anti-detection. Launches Chromium with fingerprint randomization, webdriver flag removal, Canvas/WebGL spoofing, and permissi...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Using Playwright and Chromium launch flags is consistent with the stated purpose of anti-detection automation. The included JS implements the claimed stealth techniques (navigator.webdriver masking, canvas/webgl spoofing, permissions override). However the snapshot feature also reads input 'value' attributes and returns them — a capability that can expose passwords or other sensitive fields and is not called out as a privacy/security caveat in SKILL.md.
Instruction Scope
SKILL.md instructs running the provided script and to use --continue to persist sessions but does not warn that 'snapshot' will collect element values (including input values), that a local .session.json is written, or that the script will attempt to connect to a CDP endpoint at http://localhost:9222 when resuming. The script also overrides Permissions API responses (for notifications/geolocation/etc.), which changes page behavior beyond simple navigation. These actions widen the agent's read/write scope and could leak sensitive data if used with real credentials or exposed CDP ports.
Install Mechanism
There is no automated installer in the registry entry; SKILL.md recommends installing Playwright via npm/npx (a standard, expected approach). No remote, untrusted binary downloads or extract-from-arbitrary-URL installs are present in the package files. Network access to npm is required by the user to obtain Playwright.
Credentials
The skill declares no credentials or env vars, which fits its purpose, but it still reads/writes local session files (.session.json and user-provided storageState files) and returns captured page element metadata and input values. That local file I/O and the ability to capture input values are disproportionate to a user expectation of 'stealth' — they introduce a credential-exposure risk even though no external secrets are requested.
Persistence & Privilege
always:false (no forced persistence), and the skill only writes a local .session.json to track active sessions (normal for session reuse). It also attempts to connect to a local CDP at http://localhost:9222 when resuming (only localhost). These are moderate privileges but not platform-global; still, resuming via CDP could behave unexpectedly if a CDP endpoint is forwarded/exposed.
What to consider before installing
This skill is coherent with its stealth automation goal, but exercise caution before using it with real accounts or sensitive targets. Specific things to consider before installing or running:
- 'snapshot' can capture input values (it records element.value slices), which may include passwords or tokens — avoid running snapshot on pages with credentials or remove/modify value-capture in the script.
- The script writes a local session file (.session.json) and may save Playwright storageState files (auth.json) if you use session persistence; these files can contain authentication state—store them securely or disable persistence.
- The --continue behavior will try to connect to http://localhost:9222 via CDP; ensure no remote-forwarded/exposed CDP ports are active to avoid unintended access.
- The stealth init code overrides the Permissions API (returns 'granted') and spoofs fingerprints — that may confuse debugging and can bypass site protections; use it only where legally/ethically allowed.
- The package instructs installing Playwright via npm/npx (network download). Review and run the included scripts in an isolated environment (container or VM) and read the source (scripts/stealth-launch.js) yourself.
If you need a clean, lower-risk alternative: run a minimal automation wrapper that explicitly excludes capturing input values and does not persist session files, or modify the provided script to redact input values and store sessions in a secure, user-chosen path.
Like a lobster shell, security has layers — review code before you run it.
Tags: anti-detection, automation, browser, latest, openclaw, stealth
Runtime requirements
🎭 Clawdis
OS: macOS · Linux · Windows
