Anti-Detect Browser
Malicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is designed for stealthy multi-account browser automation that evades anti-bot checks and cloud-syncs logged-in browser sessions.
Do not install this skill unless you intentionally need a vetted anti-detect browser for authorized testing and accept the risks. It can evade website bot protections, automate multiple identities, store logged-in sessions in a third-party cloud, and stream browser screens to shareable URLs. If used at all, isolate it, use non-sensitive test accounts, disable live view, restrict MCP access, audit and pin the npm package, and require human approval for account actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could use this to evade website protections, operate multiple identities, scrape at scale, or perform account activity that may violate site rules and expose the user to bans or liability.
The skill’s core capability is to hide automated browser sessions behind realistic fingerprints and bypass bot-detection systems, especially for multi-account automation.
anti-detect browsers with unique real-device fingerprints for multi-account operations, web scraping ... passing even advanced anti-bot checks
Do not install for general agent use. Only consider it in tightly controlled, explicitly authorized testing environments with clear site permission and human approval for actions.
Sensitive accounts used in these browsers could remain logged in across machines, and compromised API keys or profiles could expose those sessions.
Cookies and session storage can act like credentials; storing and replaying them from the cloud gives the provider and any holder of the relevant profile/API access a way to reuse logged-in sessions.
Profiles save cookies, localStorage, and session data to the cloud. Same profile name = same logged-in state next time, even across machines.
Avoid using sensitive personal, financial, or production accounts. If used at all, use low-privilege test accounts, clear profiles, rotate credentials, and verify the provider’s retention and access controls.
A connected agent could browse, interact with logged-in accounts, capture page contents, and operate under persistent browser profiles.
The artifacts expose powerful browser-control capabilities to AI agents through MCP, but do not describe identity checks, permission scoping, or per-action approvals.
MCP server mode lets AI agents launch, navigate, screenshot, and interact with fingerprint browsers through tool calls.
Do not expose this MCP server to untrusted agents. If deployed, restrict it to a trusted local environment, use tool allowlists, and require human approval before account actions.
Sensitive browsing activity, account pages, messages, or personal data could be visible to anyone who receives or discovers the live-view URL.
Live browser screens may contain private content or logged-in account pages, and the artifact says the view URL can be shared so anyone with it can watch.
Stream any headless session to the antibrow.com dashboard. Share the URL — anyone can watch the browser screen live.
Keep live view disabled for sensitive sessions, avoid sharing view URLs, and require strong access controls before streaming browser activity.
The external package would run locally with browser-control capability and access to the provided API key, so package compromise or misbehavior could affect sessions and accounts.
The skill relies on installing and executing an external npm package as an MCP server with an API key, while the provided artifact set contains no reviewed implementation or pinned package version.
npm install anti-detect-browser ... "command": "npx", "args": ["anti-detect-browser", "--mcp"], "env": { "ANTI_DETECT_BROWSER_KEY": "your-api-key" }
Do not run the npm/npx commands without independently verifying the package source, pinning versions, auditing dependencies, and isolating execution from sensitive accounts.
