FSB Skill

Suspicious

Audited by ClawScan on May 12, 2026.

Overview

FSB is a disclosed browser-automation skill, but it asks for broad control of the user's logged-in Chrome sessions, credentials, and saved payment flows, so it deserves careful review before installation.

Install FSB only if you want OpenClaw to control your real Chrome profile. Consider using a separate Chrome profile, pinning the fsb-mcp-server npm version, and watching carefully for confirmations before purchases, account changes, data deletion, permission grants, or public posts.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can act inside websites where the user is already logged in and can prepare credential or payment flows using browser-stored state.

Why it was flagged

This gives the agent access to the user's existing browser identity and account sessions, which is high-impact even though it is disclosed and purpose-aligned.

Skill content

FSB drives the user's real Chrome, so every action runs inside whatever sessions, cookies, and saved auth that browser already holds.

Recommendation

Use a dedicated browser profile, or install only if you trust the FSB extension and MCP bridge with your logged-in sites, and confirm sensitive actions carefully.

What this means

A mistaken or over-broad JS action could click or alter page state in a logged-in session before the agent fully understands the page.

Why it was flagged

The skill encourages a raw JavaScript escape-hatch in live browser pages, including clicks, which can bypass safer typed interaction paths if used carelessly.

Skill content

`execute_js` is a first-class interaction tool in FSB... "try execute_js FIRST" for clicks, scrolls, reads, and attribute lookups

Recommendation

Prefer typed tools for sensitive flows, verify page state after JavaScript actions, and require explicit user confirmation before any final submission or account-impacting action.

What this means

Future npm package updates could change the bridge that controls the browser.

Why it was flagged

The MCP bridge is fetched from npm and defaults to the latest version, which is disclosed but means behavior can change without re-review unless the user pins a version.

Skill content

By default, `npx -y fsb-mcp-server` resolves to the latest published bridge... If you prefer review-before-upgrade, pin a release

Recommendation

Pin a reviewed fsb-mcp-server version if you want stable, review-before-upgrade behavior.

What this means

Running the doctor or installer will execute the fsb-mcp-server package on the user's machine.

Why it was flagged

The diagnostic script executes an external npm package through npx. This is documented and aligned with setup/diagnostics, but it is still local code execution.

Skill content

const child = spawn('npx', ['-y', 'fsb-mcp-server', 'doctor'], {

Recommendation

Run these commands only from a trusted environment and consider pinning the package version.

What this means

Live page content and browser actions may pass through the local MCP bridge while tasks run.

Why it was flagged

Browser commands and page reads are routed through a local extension/bridge architecture. This is expected for the skill, but it is a sensitive communication path.

Skill content

FSB drives the user's real Chrome via the FSB extension and a local MCP bridge

Recommendation

Install only if you trust the local bridge and extension; keep them updated or pinned to reviewed versions.