Anti-Detect Browser
PassAudited by VirusTotal on May 9, 2026.
Overview
Type: OpenClaw Skill Name: anti-detect-browser Version: 1.0.0 The skill bundle integrates with a third-party service (antibrow.com) that performs high-risk activities, including synchronizing sensitive browser session data (cookies and localStorage) to a remote cloud and streaming live browser views to an external dashboard. While these features are documented for 'anti-detect' purposes, they represent a significant data exfiltration and privacy risk. Furthermore, the MCP server grants an AI agent high-privilege capabilities such as arbitrary JavaScript execution (evaluate tool) and full browser automation via the 'anti-detect-browser' npm package.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could use this to evade website protections, operate multiple identities, scrape at scale, or perform account activity that may violate site rules and expose the user to bans or liability.
The skill’s core capability is to hide automated browser sessions behind realistic fingerprints and bypass bot-detection systems, especially for multi-account automation.
anti-detect browsers with unique real-device fingerprints for multi-account operations, web scraping ... passing even advanced anti-bot checks
Do not install for general agent use. Only consider it in tightly controlled, explicitly authorized testing environments with clear site permission and human approval for actions.
Sensitive accounts used in these browsers could remain logged in across machines, and compromised API keys or profiles could expose those sessions.
Cookies and session storage can act like credentials; storing and replaying them from the cloud gives the provider and any holder of the relevant profile/API access a way to reuse logged-in sessions.
Profiles save cookies, localStorage, and session data to the cloud. Same profile name = same logged-in state next time, even across machines.
Avoid using sensitive personal, financial, or production accounts. If used at all, use low-privilege test accounts, clear profiles, rotate credentials, and verify the provider’s retention and access controls.
A connected agent could browse, interact with logged-in accounts, capture page contents, and operate under persistent browser profiles.
The artifacts expose powerful browser-control capabilities to AI agents through MCP, but do not describe identity checks, permission scoping, or per-action approvals.
MCP server mode lets AI agents launch, navigate, screenshot, and interact with fingerprint browsers through tool calls.
Do not expose this MCP server to untrusted agents. If deployed, restrict it to a trusted local environment, use tool allowlists, and require human approval before account actions.
Sensitive browsing activity, account pages, messages, or personal data could be visible to anyone who receives or discovers the live-view URL.
Live browser screens may contain private content or logged-in account pages, and the artifact says the view URL can be shared so anyone with it can watch.
Stream any headless session to the antibrow.com dashboard. Share the URL — anyone can watch the browser screen live.
Keep live view disabled for sensitive sessions, avoid sharing view URLs, and require strong access controls before streaming browser activity.
The external package would run locally with browser-control capability and access to the provided API key, so package compromise or misbehavior could affect sessions and accounts.
The skill relies on installing and executing an external npm package as an MCP server with an API key, while the provided artifact set contains no reviewed implementation or pinned package version.
npm install anti-detect-browser ... "command": "npx", "args": ["anti-detect-browser", "--mcp"], "env": { "ANTI_DETECT_BROWSER_KEY": "your-api-key" }Do not run the npm/npx commands without independently verifying the package source, pinning versions, auditing dependencies, and isolating execution from sensitive accounts.