Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Agent Browser Stealth
v1.0.2
Stealth-first browser automation for OpenClaw using agent-browser-stealth. Use when tasks involve bot-protected websites, anti-fingerprint evasion, captcha-p...
by 郭立lee (@leeguooooo)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description claim stealthy browser automation; SKILL.md consistently instructs use of an 'agent-browser' CLI and anti-bot patterns, which fits the declared purpose. However, the doc uses placeholders like $USERNAME and $PASSWORD without declaring required env vars or credentials in the skill metadata — a mismatch between claimed requirements and actual runtime expectations.
Instruction Scope
Instructions tell the agent to run a third-party CLI, perform login flows, take snapshots, read element text, and return 'key page state changes' and 'important element text'. That is within automation scope, but it grants broad discretion to capture and report page content (which may include sensitive data). The guidance for connecting to a local CDP (localhost:9333) is expected for browser tooling but also lets the CLI access any connected browser contexts. The SKILL.md does not constrain what data may be returned or how to treat credentials, increasing the risk of accidental exfiltration.
Install Mechanism
No registry install spec in the skill metadata, but the README instructs 'pnpm add -g agent-browser-stealth' and 'agent-browser install' — a global npm/pnpm install from the public registry. This is a common but higher-risk pattern than instruction-only because it pulls and executes third-party code; the SKILL.md does not pin a package version or point to a verified release artifact.
Credentials
Skill metadata declares no required env vars or credentials, but the instructions use $USERNAME and $PASSWORD placeholders in login recipes. That mismatch means the skill expects credentials but hasn't declared or justified them. The skill also references connecting to a CDP on localhost:9333 (which may access local browser profiles and session data) — reasonable for automation but a capability the metadata doesn't call out.
Persistence & Privilege
The skill does not request 'always: true' and has no install spec in the registry metadata; it is user-invocable and can be invoked autonomously (platform default). It does instruct installing a global CLI, which would add a tool to the system if the user follows the SKILL.md, but the skill itself doesn't request elevated or persistent platform privileges in the manifest.
What to consider before installing
This skill appears to be a reasonable stealthy browser automation guide, but take precautions before installing or using it:
- Treat the pnpm global install as a supply-chain action: verify the npm package and GitHub repo, pin a specific version, and inspect the package source before installing globally. Consider installing in an isolated VM/container rather than your main workstation.
- The SKILL.md uses $USERNAME and $PASSWORD but the skill metadata does not declare required credentials. Do not provide real secrets until you confirm how the agent will retrieve, store, and transmit them. Prefer ephemeral/test accounts where possible.
- The skill asks you to return page element text and state; that can include PII or secrets. Decide and document what outputs are allowed, and redact or avoid capturing sensitive fields (passwords, OTPs, payment data).
- The instructions connect to a local CDP endpoint (localhost:9333). Ensure that endpoint is not exposing other browser profiles or remote machines you don't intend the skill to control.
- If you must use this skill, run it in an isolated environment, audit the installed package, pin versions, and limit autonomous invocation until you are comfortable with its behavior.
Confidence in this assessment is medium: the skill's behavior is plausible for its stated purpose, but the omissions (undeclared credentials and unpinned third-party install) create real risk and ambiguity.
Like a lobster shell, security has layers — review code before you run it.
