BrowserMCP Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill needs review because it can drive your logged-in Chrome browser, advertises bot/CAPTCHA evasion, and relies on unpinned external BrowserMCP components.
Install only if you trust BrowserMCP and need real-browser automation. Use a separate Chrome profile when possible, connect only the tab you intend to automate, require confirmation for high-impact actions, avoid CAPTCHA/bot-protection bypass, and consider pinning the MCP server package instead of using '@latest'.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could operate a connected logged-in browser tab as you, and the anti-bot/CAPTCHA positioning may violate site rules or enable unsafe automation.
The skill explicitly frames the browser-control tools as usable for authenticated actions while evading anti-bot/CAPTCHA protections.
Evidence: "allowing for authenticated actions and bypassing common bot detection ... Stealth: Avoids basic bot detection and CAPTCHAs via real browser fingerprint"
Use only for sites where you are authorized to automate; require explicit approval before submissions, purchases, posts, account changes, or any interaction with bot/CAPTCHA protections.
A connected tab may expose or modify data in accounts where you are already signed in, such as email, social media, shopping, admin consoles, or financial sites.
The skill intentionally reuses the user's logged-in browser state rather than a separate sandboxed identity.
Evidence: "Uses existing browser profile with active sessions"
Prefer a dedicated Chrome profile with only the accounts needed for the task, connect only the intended tab, and disconnect or disable the extension when finished.
The code that actually controls the browser can change over time and was not statically reviewed here, despite having access to a logged-in browser session.
The runtime MCP server is fetched/executed from an unpinned npm package, and the reviewed artifacts do not include that server's code.
Evidence: "command": "npx", "args": ["@browsermcp/mcp@latest"]
Pin and verify a trusted BrowserMCP server version, review the package/source before use, and keep the Chrome extension installed only from a trusted publisher.
Private page content, account details, or sensitive console messages from logged-in sites may become visible to the agent during automation.
The skill sends page structure, screenshots, and console output from the connected browser tab into the agent's working context.
Evidence: "browser_snapshot ... returns ARIA accessibility tree ... browser_screenshot ... returns PNG image data ... browser_get_console_logs ... returns recent console output"
Avoid connecting sensitive pages unless necessary, review screenshots/logs before sharing further, and treat web page text and console output as untrusted context.
