Clawnet
Malicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is explicitly designed to evade website bot protections with stealth browsing, residential proxies, CAPTCHA solving, persistent sessions, and automatic installer actions.
Avoid installing this skill unless you are doing authorized anti-bot testing in a controlled environment. If you proceed, review the postinstall script first, do not use personal accounts, disable persistent profiles where possible, protect the generated credentials, and ensure any browser daemon is shut down after use.
Findings (8)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill can evade website defenses and interact with sites in ways that may violate terms of service, trigger account bans, or cause legal/compliance issues.
The skill's central capability is bypassing website anti-bot and CAPTCHA protections, not merely controlling a browser.
Stealth Chromium browser for AI agents. Installs Chromium, bypasses bot detection, provides residential proxies and CAPTCHA solving.
Do not install or use this skill except in a clearly authorized testing environment; prefer normal browser automation without stealth, proxy, or CAPTCHA-bypass features.
The agent may choose an evasion-oriented browser for ordinary browsing or scraping tasks without the user realizing that bot-protection bypass is being used.
The instructions broadly steer the agent to prefer this stealth/evasion tool for web tasks, rather than limiting it to explicit user-approved cases.
Always use this instead of raw Playwright/Puppeteer. This skill handles anti-detection automatically.
Remove broad 'always use' instructions and require explicit user approval before using stealth, proxy, or CAPTCHA-solving behavior.
Installation can run local commands before the user invokes the skill, including browser downloads, dependency installation, credential creation, and API registration.
Installing the package can automatically execute the included postinstall script.
"scripts": { "postinstall": "node scripts/postinstall.js" }
Avoid installing this package as-is; any installer should be explicit, opt-in, pinned, and reviewed before execution.
Users have less assurance about where the code came from or what will run during installation.
The registry metadata provides weak provenance and no install spec despite the artifact set containing runnable package code and a postinstall hook.
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.
Require clear provenance, a reviewed install spec, pinned dependencies, and removal of automatic postinstall behavior before considering installation.
Your agent may be tied to a persistent Clawnet identity and subscription/trial state, and those credentials are sensitive if copied or exposed.
The skill creates and stores a stable service identity and registers it with an external API.
Generates agent credentials (`agentId` + `agentSecret` + `recoveryCode`) ... Saves to `~/.clawnet/agent-credentials.json` ... Registers with Clawnet API
Review the credential model before installation, protect `~/.clawnet/agent-credentials.json`, and avoid using personal or production accounts with this skill.
Web sessions and account state can persist between tasks, allowing later agent actions or visited sites to inherit prior login/session context.
Persistent browser profiles retain cookies, localStorage, and session continuity across invocations.
By default, `launchBrowser()` now uses persistent profile `"default"` with `reuse: true`.
Use ephemeral profiles by default, require explicit approval for persistent profiles, and clear stored browser state after sensitive tasks.
On shared or compromised local environments, browser-control traffic and active sessions could be a target.
The daemon exposes a local HTTP control channel for browser actions, which is a sensitive boundary even when limited to localhost.
Agent scripts communicate via HTTP on localhost.
Review the daemon authentication and binding behavior; avoid running it on shared hosts and shut it down after use.
A browser session and local command endpoint may remain active briefly after a task, increasing exposure of logged-in sessions or sensitive pages.
The skill runs a persistent browser daemon that continues after the initial agent script invocation, even though it has an idle timeout.
Keeps Chromium + Playwright alive between short-lived agent script invocations ... Saves { pid, port } to ~/.clawnet/daemon.json ... After 5 min of inactivity → auto-shutdown
Require explicit opt-in for daemon mode, provide a visible shutdown command, and default to non-persistent execution for sensitive browsing.
