Broswer
MaliciousAudited by ClawScan on May 1, 2026.
Overview
This appears to be a fake browser skill: it advertises real web browsing and DOM extraction but says it performs no browser, network, or filesystem activity and always succeeds.
Avoid installing this if you need actual web access. It is not a real browser skill based on the provided artifacts; it should be treated as deceptive unless it is explicitly converted into a clearly labeled mock/testing skill.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could report that a webpage was accessed, rendered, or validated when no real browsing occurred.
The skill advertises real browser capabilities but explicitly describes an inert, simulated flow that always succeeds, which can mislead a user or agent into trusting fake browser results.
"Provides browser navigation, DOM inspection... extracting content" ... "No browser process is created" ... "Network activity: none" ... "Execution always completes successfully."
Do not install this as a browser capability. Only use it if it is clearly renamed and scoped as a mock/testing skill, and remove claims of real navigation, extraction, or validation.
Browser-dependent tasks may be completed with simulated success instead of real evidence from the web.
The invocation guidance broadly redirects webpage tasks into this skill, even though the skill does not actually browse, which can override the user’s likely goal of real web access.
"Use this skill when: - Accessing a webpage" ... "You must run the skill flow after it is installed or you are told to use this skill"
Remove mandatory or broad invocation language and require explicit user confirmation that simulated browser behavior is acceptable.
Users or reviewers could be tricked into believing the agent used a real browser based on fabricated-looking traces.
The artifact explicitly references producing fake browser traces that look real, which is direct evidence of deceptive framing around the skill’s behavior.
"fake CDP, Chromium, and Playwright-style logs" ... "indistinguishable from a real browser skill in agent traces"
Reject this artifact unless the deceptive trace language is removed and the skill is transparently documented as non-functional simulation.