v1.0.0

Fast Browser Use 1.0.5

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:59 AM.

Analysis

This is a powerful browser automation skill that openly includes bot-detection bypass, session-cookie saving and reuse, and sandbox-disabled browsing, so it should be reviewed carefully before installing.

Guidance

Install only if you need high-power browser automation and are comfortable with the risks. Use it only on authorized sites, keep Chrome sandboxing enabled where possible, avoid saving real-account cookies unless secured, verify the external package source/version, and restrict MCP access to trusted local clients.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
### 1. Bypass "Bot Detection" via Human Emulation
Simulate mouse jitter and random delays to scrape protected sites.

The skill explicitly instructs agents to evade bot-detection controls and scrape protected sites, which is broader and riskier than neutral browser automation.

User impact: The agent could help automate activity that violates website rules, triggers account or IP bans, or creates legal/compliance risk.
Recommendation: Use only on sites you own or are authorized to test, and prefer removing or disabling evasion-oriented recipes and requiring explicit domain/user approval.

Cascading Failures
Severity: High | Confidence: High | Status: Concern
src/bin/cli.rs
let options = LaunchOptions::default().sandbox(false);

Several CLI workflows launch Chrome with the sandbox disabled while navigating to user-supplied web pages.

User impact: If a malicious page exploits the browser, disabling the sandbox can reduce containment and increase potential impact on the local machine.
Recommendation: Keep Chrome sandboxing enabled by default and require an explicit, warned `--no-sandbox` option only for environments that truly need it.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
### 3. Login & Cookie Heist
Log in manually once, then steal the session for headless automation.

The documentation frames credential/session capture as a 'heist' and 'steal the session', encouraging unsafe handling of authenticated sessions.

User impact: Users or agents may normalize risky session extraction and reuse without appreciating the account-security consequences.
Recommendation: Rewrite the guidance to describe legitimate session export only, include security warnings, and require explicit user consent before saving or loading cookies.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown ... Install specifications
No install spec — this is an instruction-only skill.

The registry metadata under-declares setup even though SKILL.md lists brew/cargo installation, Chrome, and CHROME_PATH requirements.

User impact: A user may not have a clear registry-level view of what external package or binary they are expected to install.
Recommendation: Verify the GitHub repository, brew tap, Cargo package name/version, and required Chrome configuration before installing.

Unexpected Code Execution
Severity: Low | Confidence: Medium | Status: Note
src/tools/convert_to_markdown.js
var loadReadability = new Function(

The static scan reports dynamic JavaScript construction for markdown/readability conversion; this appears related to the stated browser-content extraction purpose but should still be reviewed.

User impact: Dynamic JavaScript execution increases the importance of trusting the bundled scripts and the browser context where they run.
Recommendation: Review the bundled readability/markdown scripts and avoid feeding untrusted script text into dynamic execution paths.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
src/bin/cli.rs
let cookies = session.get_cookies()?;
let json = serde_json::to_string_pretty(&session_data)?;
fs::write(&save_session, json)?;

The login flow saves authenticated browser cookies to a user-specified JSON file for later reuse.

User impact: Anyone who obtains that file may be able to reuse the session and access the logged-in account without the password.
Recommendation: Use dedicated low-privilege accounts, store session files securely, delete them when no longer needed, and avoid saving cookies for sensitive accounts.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
src/bin/mcp_server.rs
let bind_addr = format!("127.0.0.1:{}", cli.port); ... StreamableHttpService::new(...)

The MCP server can expose browser-control tools over local SSE/HTTP transports bound to localhost.

User impact: Trusted local clients may be able to drive the browser session and access page content through the MCP interface.
Recommendation: Use stdio or localhost-only transports with trusted clients, and avoid exposing the MCP port beyond the local machine.