Anti-Detect Browser
Launch and manage anti-detect browsers with unique real-device fingerprints for multi-account operations, web scraping, ad verification, and AI agent automat...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 22 · 0 current installs · 0 all-time installs
by@dowands
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description describe an anti-detect/fingerprint browser service and the instructions consistently show how to use such a service (npm package, Playwright integration, MCP server, live view, cloud profiles). The requested capabilities (profiles, live view, proxies, MCP control) align with the claimed purpose.
Instruction Scope
SKILL.md instructs the agent to use an API key (e.g., ANTI_DETECT_BROWSER_KEY and key:'your-api-key'), to save/restore profiles to the service's cloud, and to stream headless sessions to an external dashboard that can be shared publicly. The registry metadata lists no required env vars or credentials, so the instructions access sensitive remote services and credentials that are not declared. Live View/shareable URLs and cloud-saved profiles create privacy and data-exfiltration risk (cookies, session tokens, page contents).
Install Mechanism
The skill is instruction-only (no install spec), but it directs users to npm install and npx the package and to run Playwright installation steps. Installing an npm package (and running npx) pulls remote code and may run install scripts; this is expected for an npm-based browser integration but is a moderate risk and should be audited before use.
Credentials
The SKILL.md clearly uses an API key and environment variable (ANTI_DETECT_BROWSER_KEY / your-api-key) and discusses proxies with embedded credentials, yet requires.env and primary credential are declared as none. That mismatch is disproportionate: the skill will need secrets to operate but the registry metadata does not declare them. Additionally, the service stores cookies/session state in the cloud and can stream screens — both are high-sensitivity artifacts that the skill will transmit to a third-party endpoint.
Persistence & Privilege
always is false and there is no install-time persistence declared. However, SKILL.md instructs how to run an MCP server and integrate with mcporter which would create a persistent service/process exposing browser-control tools. Autonomous invocation (model invocation enabled) combined with the ability to control many browsers and upload profiles increases blast radius; this is expected for agentic browser tooling but should be considered when granting credentials.
Scan Findings in Context
[NO_REGEX_FINDINGS] expected: The static regex scanner found no code files to analyze (this is an instruction-only skill). Absence of findings is expected but does not imply safety — SKILL.md contains actionable instructions that reference network endpoints and credentials.
[UNDISCLOSED_ENV_VAR_USAGE] unexpected: SKILL.md shows use of ANTI_DETECT_BROWSER_KEY / 'your-api-key' and examples that embed credentials (proxy URLs), but the registry metadata declares no required env vars or primary credential. This discrepancy is unexpected for a network-backed service that requires authentication.
What to consider before installing
This skill appears to be what it claims (an anti-detect browser integration) but there are clear mismatches and privacy risks you should consider before installing:
- Do not install or run the npm package until you verify its provenance: check the npm registry page, the package repository, the maintainer identity, and review the package source and install scripts for suspicious behavior.
- The SKILL.md expects an API key (ANTI_DETECT_BROWSER_KEY) though the metadata lists none — treat any API key as sensitive. Only provide a key with the minimum privileges possible and rotate it if you stop using the skill.
- Profiles are saved to the vendor's cloud and Live View sessions are shareable. Do not upload sensitive accounts, cookies, or PII; use throwaway accounts and isolated test data if you must evaluate functionality.
- Live View and shared URLs can leak page contents and interactions. Avoid enabling live streaming for sessions that load private data.
- Running npx/npm will execute third-party code locally; consider running in an isolated VM/container and audit network traffic and filesystem activity during install/run.
- If you need to use it for automation, prefer creating ephemeral environments, proxying traffic through monitored networks, and verifying the API endpoints (antibrow.com) are legitimate and match the package's repository.
If you want, I can: 1) fetch and summarize the npm package manifest and homepage (if available), 2) list concrete checks to audit the package before installation, or 3) suggest safer alternatives for multi-account browser automation.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Anti-Detect Browser — The First Fingerprint Browser Built for AI Agents
Launch Chromium with real-device fingerprints via standard Playwright APIs. Each browser gets a unique, consistent digital identity from 500+ parameters across 30+ categories (Canvas, WebGL, Audio, Fonts, WebRTC, WebGPU…) — collected from actual devices, not synthetic.
What makes it different:
- 🤖 Agent-first design — MCP server mode lets AI agents launch, navigate, screenshot, and interact with fingerprint browsers through tool calls. The first anti-detect browser built for agentic workflows.
- 👁️ Live View — Watch headless browsers in real time from the dashboard. Debug AI agent actions, share URLs with teammates, observe automation as it happens.
- 🎭 Real fingerprints, not random noise — Every fingerprint comes from an actual device. Internally consistent across all browser APIs, passing even advanced anti-bot checks.
- 🔌 Zero learning curve — Standard Playwright API. Drop in
anti-detect-browserand your existing scripts work with fingerprint protection.
Links: npm: anti-detect-browser · Dashboard: https://antibrow.com · API: https://antibrow.com/api/v1/ · Docs: https://antibrow.com/docs
Setup
npm install anti-detect-browser
npx playwright install chromium
npx playwright install-deps chromium # Linux: system libs
Quick Start
import { AntiDetectBrowser } from 'anti-detect-browser'
const ab = new AntiDetectBrowser({ key: 'your-api-key' })
const { browser, page } = await ab.launch({
fingerprint: { tags: ['Windows 10', 'Chrome'] },
profile: 'my-account-01',
proxy: 'http://user:pass@host:port', // optional
})
await page.goto('https://example.com') // standard Playwright from here
await browser.close() // auto-syncs cookies & storage to cloud
Profiles — Persistent Browser Identities
Profiles save cookies, localStorage, and session data to the cloud. Same profile name = same logged-in state next time, even across machines.
// First launch — login
const { browser, page } = await ab.launch({ profile: 'shop-01' })
await page.goto('https://shop.example.com/login')
// ... login ...
await browser.close()
// Later — already logged in, session restored from cloud
const { page: p2 } = await ab.launch({ profile: 'shop-01' })
await p2.goto('https://shop.example.com/dashboard')
Fingerprint Tags
Filter by: Microsoft Windows, Apple Mac, Android, Linux, iPad, iPhone, Edge, Chrome, Safari, Firefox, Desktop, Mobile, Windows 7, Windows 8, Windows 10
await ab.launch({ fingerprint: { tags: ['Apple Mac', 'Safari'] } })
await ab.launch({ fingerprint: { tags: ['Android', 'Mobile', 'Chrome'] } })
await ab.launch({ fingerprint: { tags: ['Windows 10', 'Chrome'], minBrowserVersion: 130 } })
Live View — Watch Headless Browsers in Real Time
Stream any headless session to the antibrow.com dashboard. Share the URL — anyone can watch the browser screen live. Perfect for debugging AI agent actions or team monitoring.
const { page, liveView } = await ab.launch({
headless: true,
liveView: true,
profile: 'price-monitor',
fingerprint: { tags: ['Windows 10', 'Chrome'] },
})
console.log('Watch live:', liveView.viewUrl)
Visual Identification
Run many browsers at once — each gets a floating label, title prefix, and colored border:
await ab.launch({ profile: 'twitter-main', label: '@myhandle', color: '#e74c3c' })
await ab.launch({ profile: 'twitter-alt', label: '@support', color: '#3498db' })
Inject into Existing Playwright
Already have Playwright scripts? Add fingerprints without rewriting:
import { chromium } from 'playwright'
import { applyFingerprint } from 'anti-detect-browser'
const browser = await chromium.launch()
const context = await browser.newContext()
await applyFingerprint(context, {
key: 'your-api-key',
fingerprint: { tags: ['Windows 10', 'Chrome'] },
profile: 'my-profile',
})
const page = await context.newPage()
MCP Server — AI Agent Browser Control
The first anti-detect browser with native MCP support. AI agents (Claude, GPT, etc.) can launch and control fingerprint browsers through tool calls.
{
"mcpServers": {
"anti-detect-browser": {
"command": "npx",
"args": ["anti-detect-browser", "--mcp"],
"env": { "ANTI_DETECT_BROWSER_KEY": "your-api-key" }
}
}
}
mcporter setup:
mcporter config add anti-detect-browser \
--command 'npx anti-detect-browser --mcp' \
--env ANTI_DETECT_BROWSER_KEY=your-key
MCP Tools
| Tool | Purpose |
|---|---|
launch_browser | Start fingerprint browser (profile, tags, proxy, headless) |
close_browser | Close session by ID |
navigate | Go to URL |
screenshot | Capture page screenshot |
click / fill | Interact with elements by CSS selector |
evaluate | Run JavaScript on page |
get_content | Extract text from page or element |
start_live_view / stop_live_view | Stream browser screen to dashboard |
list_sessions | List running browsers |
list_profiles / create_profile / delete_profile | Manage profiles |
⚠️ MCP session note: stdio transport spawns a new process per call. For multi-step workflows (launch → navigate → screenshot), use SDK scripts or configure a persistent MCP transport.
REST API
Base: https://antibrow.com/api/v1/ — all endpoints require Authorization: Bearer <api-key>.
Profiles:
GET /profiles # List all
POST /profiles # Create (body: {"name":"x","tags":["Windows 10","Chrome"]})
GET /profiles/:name # Get details + dataUrl for fingerprint download
DELETE /profiles/:name # Delete
POST response includes dataUrl — a presigned URL (10 min) to the full fingerprint JSON (~9MB).
Fingerprints:
GET /fingerprints/fetch # Fetch matching fingerprint (query: tags, minBrowserVersion, etc.)
GET /fingerprints/versions # Available browser versions
Workflow Examples
Multi-Account Management
const accounts = [
{ profile: 'twitter-1', label: '@brand', color: '#1DA1F2' },
{ profile: 'twitter-2', label: '@support', color: '#FF6B35' },
{ profile: 'twitter-3', label: '@personal', color: '#6C5CE7' },
]
for (const acct of accounts) {
const { page } = await ab.launch({
fingerprint: { tags: ['Windows 10', 'Chrome'] },
proxy: getNextProxy(),
...acct,
})
await page.goto('https://twitter.com')
}
Scraping with Fingerprint Rotation
for (const url of urlsToScrape) {
const { browser, page } = await ab.launch({
fingerprint: { tags: ['Desktop', 'Chrome'], minBrowserVersion: 125 },
proxy: rotateProxy(),
})
await page.goto(url)
const data = await page.evaluate(() => document.body.innerText)
saveData(url, data)
await browser.close()
}
AI Agent + Live View Monitoring
const { page, liveView } = await ab.launch({
headless: true, liveView: true,
profile: 'price-monitor',
fingerprint: { tags: ['Windows 10', 'Chrome'] },
})
console.log('Dashboard:', liveView.viewUrl) // share with team
// Agent monitors prices, team watches live
Known Limitations
- WebGL on GPU-less servers — Reports SwiftShader renderer. Not an SDK issue; hardware limitation of headless environments.
- Free tier — 2 browser profiles. Upgrade at https://antibrow.com for more.
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…