Browser Ladder
Warn
Audited by ClawScan on May 10, 2026.
Overview
Review before installing: the skill is mostly transparent browser automation, but it explicitly enables CAPTCHA/bot-protection bypass, can route browsing through paid cloud services, and runs an unpinned runtime helper.
Install only if you need browser automation and are comfortable with Docker, cloud browser providers, and the stated bypass capabilities. Do not use the CAPTCHA/Cloudflare/OAuth/MFA rung unless you have authorization and trust Browserless with the resulting data. Consider forcing lower levels, skipping cloud tokens, and waiting for the BrowserCat rung and runtime dependencies to be clarified.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could be used to bypass website protection mechanisms, which may violate site rules or create legal and account-risk exposure.
The skill explicitly frames Browserless as a way to bypass CAPTCHA, Cloudflare, and bot-detection controls, not just render pages.
L4 (Browserless.io for CAPTCHA/bot bypass) ... | CAPTCHA/Cloudflare | 4 | Bot bypass needed |
Use this only on sites and workflows where you have authorization; the skill should add explicit approval and acceptable-use guidance before any CAPTCHA, Cloudflare, or bot-bypass attempt.
Users may believe the tool will try a free cloud rung before paid Browserless, but the actual script can reach the paid rung sooner than expected.
The free BrowserCat fallback described by the skill is not implemented, so the ladder can skip from local Docker failure to paid Browserless when a token is available.
# TODO: Implement BrowserCat API
return 1
Implement BrowserCat before advertising it as an active rung, or update the documentation and require explicit confirmation before paid Browserless use.
A browsing request may run npm code that was not reviewed with the skill, even though it is inside a Docker container.
This executes a package fetched by npx at runtime without a pinned version or declared provenance.
npx -y playwright-cli-extra content "$URL"
Pin the package version, declare it clearly, vendor the helper, or replace it with reviewed Playwright code included in the skill.
Sensitive authentication pages or sessions could be processed by a third-party cloud browser if the agent uses this rung for login flows.
The documentation directs complex OAuth/MFA flows to a cloud browser provider without describing credential, session, or data-boundary protections.
Rung 4: Browserless.io (Cloud Paid) ... | OAuth/MFA flows | 4 | Complex auth |
Avoid using cloud browser rungs for sensitive login, OAuth, or MFA unless you explicitly trust the provider; add warnings, allowlists, and per-use approval for authenticated flows.
Anyone or anything with access to that .env file may be able to use the configured browser service tokens.
The setup script asks for optional provider tokens and saves them in the workspace .env file.
read -p "Browserless Token (or press Enter to skip): " BROWSERLESS_KEY ... echo "BROWSERLESS_TOKEN=$BROWSERLESS_KEY" >> "$ENV_FILE"
Only enter tokens you intend the agent to use, protect the .env file, and skip BrowserCat/Browserless setup unless you need those rungs.
