Nextbrowser
Security checks across malware telemetry and agentic risk
Overview
The skill is designed for autonomous browser automation of online accounts using persistent logins, residential proxies, stealth browsing, and CAPTCHA solving, a combination that can evade website protections.
Treat this as a high-risk automation skill. It may be appropriate only for tightly controlled, authorized browser testing or account-management workflows; avoid using it for stealth, CAPTCHA bypass, residential-proxy evasion, or autonomous actions on social media and other logged-in accounts without explicit review.
VirusTotal
64/64 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing it could let an agent automate logged-in accounts in ways that websites may treat as abusive or evasive, risking account bans, unwanted public actions, or policy violations.
This combines autonomous browser control, persistent account sessions, residential proxies, stealth, and CAPTCHA solving. That is materially different from ordinary browser automation because it can bypass website anti-bot and account-protection controls.
Primary use is creating browser sessions with profiles (persisted logins/cookies) that Openclaw can control to manage social media and other online accounts. Secondary use is running task subagents for fast autonomous browser automation under residential proxy, browser stealth, and CAPTCHA solving capability.
Do not install unless you have a legitimate, authorized use and can enforce explicit per-task approval, target-site limits, rate limits, and no anti-detection or CAPTCHA-bypass use.
An agent using this skill could act through your Nextbrowser account and through logged-in website sessions stored in profiles.
The skill uses a provider API key and persistent login/cookie profiles that can represent real online-account identities. The artifacts do not clearly bound which accounts may be controlled or what actions require user approval.
**API Key** is read from openclaw config at `skills.entries.next-browser.apiKey`... Profiles persist cookies and login state across browser sessions.
Use a dedicated, least-privileged API key and separate browser profiles; require confirmation before creating, deleting, starting, or using logged-in profiles.
Browser sessions or autonomous tasks could continue consuming credits or acting through logged-in profiles longer than the user intended.
The skill contemplates autonomous subagents and long-running cloud browser instances. Although start/stop endpoints are documented, the artifacts do not define strict task boundaries, runtime caps, or mandatory cleanup.
Secondary use is running task subagents for fast autonomous browser automation... Start browser for profile (creates browser instance)... Stop browser for profile
Require explicit stop conditions, time limits, credit limits, and cleanup checks for every browser session or autonomous task.
