Web Freedom Toolkit
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is designed to bypass website protections and includes powerful browser takeover utilities, so it should be reviewed carefully before use.
Install only if you have a legitimate, authorized need for anti-bot testing or controlled web automation. Use a VM/container, avoid logged-in browser profiles, require explicit approval for each target site, pin dependencies, and do not rely on the package's own audit claims as proof of safety.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could use this to access or scrape websites while bypassing defenses, creating legal, account, or abuse-risk consequences for the user.
The skill is not merely a browser automation helper; it explicitly advertises arbitrary-target evasion of anti-bot and WAF protections.
Ideal for bypassing Cloudflare and standard WAFs ... Uses `curl_cffi` for kernel-level TLS/JA4 fingerprinting ... python3 scripts/freedom_engine.py "https://target-site.com"
Use only for targets you own or are explicitly authorized to test, require per-target human approval, and do not enable autonomous use for protected third-party sites.
If run against a browser session or sensitive page, these scripts could manipulate the page or act through the browser's current context.
The bundled high-privilege scripts are documented as raw CDP/driver takeover paths capable of executing page JavaScript and bypassing normal library safeguards.
Risk: High. Can execute any JavaScript on the current page via `Runtime.evaluate` ... Bypasses standard application-level sandboxing of the scraping library.
Run only in an isolated VM/container with no personal browser profile or logged-in sessions, and avoid using the takeover scripts unless strictly necessary and manually approved.
Users may over-trust the package's safety claims despite the included anti-bot bypass and browser takeover capabilities.
This is a self-contained, unsupported audit/verification claim inside the package, which could encourage unsafe trust in high-risk scripts.
**Audit Status**: Verified by SpatialGPT SOTA Engine (2026)
Ignore bundled self-audit claims and rely on independent review, source inspection, and sandboxed testing.
A local relay could expose browser debugging access to local processes for up to an hour if started.
The package can start a local TCP relay for browser debugging traffic; it is bound to localhost and has time limits, but it can still run in the background during a task.
IDLE_TIMEOUT = 300 ... MAX_LIFESPAN = 3600 ... server.bind(('127.0.0.1', local_port))
Start the relay only when needed, confirm it terminates afterward, and run it inside an isolated environment.
Future dependency versions could change behavior or introduce vulnerabilities.
The skill depends on external Python packages with lower-bound-only version ranges; these dependencies are purpose-aligned but not pinned.
curl_cffi>=0.14.0 ... DrissionPage>=4.1.1.2 ... requests>=2.31.0
Pin and review dependency versions before installing, preferably in a disposable virtual environment or container.
