BrowserMCP Skill
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This browser automation skill is coherent, but it can control your logged-in Chrome session, advertises bot/CAPTCHA avoidance, and relies on unpinned external MCP/extension code.
Install only if you trust the BrowserMCP npm package and Chrome extension. Prefer a separate Chrome profile, pin the MCP package version if possible, connect only the tab you want automated, avoid CAPTCHA/bot-detection bypass use, and require explicit confirmation before posts, purchases, deletions, settings changes, or credential entry.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill for stealth automation could violate site rules, trigger account enforcement, or automate actions in contexts where human verification is expected.
The skill explicitly promotes bypassing bot-detection and CAPTCHA protections, which can encourage users to trust automation for behavior that sites intentionally try to prevent.
Stealth: Avoids basic bot detection and CAPTCHAs via real browser fingerprint
Do not use it to bypass CAPTCHAs, bot protections, rate limits, or site anti-abuse controls; require explicit user approval for each sensitive or policy-relevant action.
An agent using this skill may be able to view private account pages or perform authenticated actions such as submitting forms, changing settings, posting content, or starting purchases.
The skill operates through the user's real logged-in browser profile, giving automation access to whatever accounts and sessions are available in the connected tab.
Uses existing browser profile with active sessions
Use a separate browser profile with minimal logged-in accounts, connect only the intended tab, and require explicit confirmation before any account-changing or irreversible action.
Future or compromised package versions could run local code with access to the browser automation channel and the user's authenticated browser session.
The setup runs an unpinned external npm package at the latest version, while the reviewed skill package contains no MCP server code to inspect.
"command": "npx", "args": ["@browsermcp/mcp@latest"]
Pin the MCP package version, verify the package source, review extension permissions, and prefer installing in an isolated browser profile before granting access to sensitive accounts.
A mistaken or overly broad agent instruction could submit forms, click destructive buttons, or make account changes in the connected browser tab.
The toolset can type into pages and submit forms, which is expected for browser automation but can become high-impact on logged-in websites.
browser_type: Type text into an input field or text area. Supports submitting the form automatically.
Treat clicks, form submissions, purchases, posts, deletions, and settings changes as approval-required actions; verify the page state with a screenshot or snapshot before proceeding.
Private page contents, account details, or hostile webpage text may be visible to the AI during automation.
Snapshots and related outputs can bring page content from authenticated websites into the agent context, where private data or untrusted page instructions may be exposed to the model.
browser_snapshot ... Returns: ARIA accessibility tree as text
Avoid connecting tabs that contain sensitive personal, financial, or work data unless needed, and treat webpage text as untrusted data rather than instructions.
Leaving the extension installed and enabled increases the importance of trusting the extension and MCP server, especially on sensitive websites.
The Chrome extension is a persistent browser component with permissions needed for automation, although the documentation discloses that the user must connect a tab.
Browser MCP requires these permissions: Active Tab ... Storage ... Host permissions
Disable or remove the extension when not needed, limit host permissions where possible, and disconnect tabs after completing automation.
