Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fast Browser Use 1.0.5

v1.0.0

Rust-based Chrome automation for ultra-fast, token-efficient DOM extraction, session management, screenshots, infinite scroll harvesting, and sitemap analysis.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The code (Rust library, CLI, MCP server) implements the advertised browser automation, DOM extraction, sitemap analysis and session management. However, the published registry metadata is inconsistent with SKILL.md: the top-level metadata listed no install spec and no required env vars, while SKILL.md declares install steps (brew/cargo) and requires CHROME_PATH. The SKILL.md wording like "Login & Cookie Heist" is a red flag in tone (it documents cookie/session export/import explicitly). Functionality itself (save/load session, CDP control) is coherent with the stated purpose, but the metadata/documentation mismatches and wording are suspicious.
Instruction Scope
SKILL.md explicitly advises techniques to bypass bot detection (mouse jitter and disabling automation flags) and includes a recipe to save and later reload session cookies (labelled as a "heist"). Those instructions direct the agent to persist and reuse authentication cookies and to run commands that defeat anti-bot measures — actions that enable abuse (account takeover, scraping behind login). The skill also includes an MCP server that can accept commands over stdio, SSE or HTTP (127.0.0.1) to control the browser; combined with autonomous invocation this expands the blast radius. The instructions also direct installs from a third-party Homebrew tap and cargo, and to read/write local session files — all outside a minimal scraping scope.
Install Mechanism
SKILL.md recommends installing from a third-party Homebrew tap (rknoche6/tap/fast-browser-use) or via cargo. There is no download-from-arbitrary-URL pattern in the code. Using a third-party brew tap is a moderate risk (trust required) but consistent with publishing a Rust binary. Also: registry metadata incorrectly indicated "no install spec" while SKILL.md contains an install section — an inconsistency to resolve before installing.
Credentials
The skill does not request cloud API keys or unrelated credentials. SKILL.md indicates CHROME_PATH (local browser path) is required, which is proportionate. However, the skill reads/writes session files (cookies/auth.json) and can be pointed at CDP/WebSocket endpoints; those capabilities allow capturing and replaying authentication material, which is functionally related to the stated purpose but privacy/security-sensitive. Also, the registry metadata omits CHROME_PATH while SKILL.md requires it (incoherent).
Persistence & Privilege
always:false and default autonomous invocation (disable-model-invocation:false) are present. Autonomous invocation is expected for MCP plugins. The skill can run a local MCP server (stdio, SSE, HTTP on 127.0.0.1) to accept commands; this is normal for an automation tool but increases attack surface if the server is exposed or misconfigured. There is no evidence the skill forcibly persists itself into the agent beyond normal install behaviour.
What to consider before installing
This package appears to implement a legitimate, fast Chrome automation tool, but several issues merit caution:

- Inconsistencies: registry metadata claims no install/requirements, yet SKILL.md lists install steps (brew/cargo) and requires CHROME_PATH. Confirm which metadata is authoritative before installing.
- Sensitive capabilities: the skill documents saving and reloading browser session cookies and explicitly shows how to "steal the session." That is a legitimate convenience for automation but can be abused (account takeover, unauthorized scraping). Treat any saved session files (auth.json) as highly sensitive secrets.
- Bot-evasion guidance: SKILL.md includes instructions to circumvent bot-detection (injecting mouse jitter, disabling automation flags). Using those techniques against protected sites may violate terms of service or laws. Review legal/privacy policies before using.
- Install source: SKILL.md recommends a third-party Homebrew tap (rknoche6/tap). Installing binaries from third-party taps requires trust; prefer building from the included source (cargo build) and auditing the code paths that handle cookies, remote endpoints, and network I/O.
- Exposure surface: the MCP server can open local HTTP/SSE endpoints (default binds to 127.0.0.1:3000); ensure it is not inadvertently exposed to untrusted networks.

If you are uneasy, disable autonomous invocation for the skill or run it in an isolated environment/container and avoid supplying sensitive session files.

Practical next steps before installing:

1) Verify the repository and Homebrew tap URLs point to the expected author and check release integrity.
2) Audit the code paths around session saving/loading, cookie handling, and any network listeners the MCP server opens.
3) If you must test, build from source (cargo build --release) in an isolated environment and avoid loading sessions from other accounts. Do not run the MCP server on network interfaces reachable by untrusted hosts.
4) Consider disabling autonomous invocation (disable-model-invocation) while you evaluate, and limit file system access to only safe directories.

Given the explicit instructions that facilitate session reuse and bot-evasion, treat this skill as potentially high-risk until you review and control its installation and runtime environment.

Like a lobster shell, security has layers — review code before you run it.
