God of all Browsers
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is a powerful browser automation tool, but it intentionally evades bot protections, keeps login sessions, can run arbitrary browser JavaScript, and starts a persistent Chromium process.
Install only if you intentionally want a powerful browser-control tool. Use it in an isolated environment with a dedicated browser profile, avoid logging into sensitive accounts, approve eval/custom scripts manually, use it only on sites where automation is allowed, and delete stored profiles, sessions, recordings, and learning files after use.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could automate websites in ways those sites try to prevent, and a malicious page would have weaker browser sandbox protection on Linux.
The launched browser is explicitly configured for bot-check evasion and disables Chromium sandboxing on non-Windows platforms, reducing containment when browsing untrusted or protected sites.
'--disable-blink-features=AutomationControlled', // Bypass Bot Checks ... isWin ? '' : '--no-sandbox'
Use only for authorized automation, preferably in a container or VM; avoid sensitive accounts and remove the no-sandbox setting unless it is strictly required.
Anyone or any process with access to these files may be able to reuse your web sessions, and the agent can act as you on sites where you are logged in.
The skill stores and can export authentication material for logged-in websites, giving future browser automation the user's account authority.
saves all session data, cookies, and local storage in the `./chrome_profile/` directory ... `save-session` command exports cookies to `session.json` in plain text
Use a dedicated browser profile and low-privilege test accounts; do not log into sensitive services, and delete `chrome_profile/` and `session.json` when finished.
A bad or agent-generated script could perform unintended actions on a website or extract sensitive page content from the active browser session.
The skill intentionally exposes a raw JavaScript execution path on the current page, which can interact with logged-in web sessions and page data.
The `eval` command is a high-risk feature that allows executing arbitrary JavaScript inside the browser context.
Require explicit user approval for every eval use, run only trusted scripts, and avoid using eval while logged into sensitive accounts.
The browser and its authenticated state may remain active between tasks until it is stopped.
The browser process is deliberately detached so it keeps running after the CLI command exits.
detached: true, stdio: 'ignore', shell: false ... child.unref();
Run `node browser.js stop` after use and verify that the Chromium process has exited; clear stored profiles when the task is done.
Sensitive information visible during browsing may remain on disk after the automation task.
The skill stores browsing snapshots/screenshots locally, which may include private page content and could be reused or inspected later.
`recordings/`: Snapshots and screenshots for manual review.
Review and delete `recordings/`, `debug.log`, and any learning/session files after sensitive tasks; do not capture pages containing secrets unless necessary.
Installation depends on npm package resolution and the local Node/Chrome environment.
Setup fetches an external npm dependency; this is expected for Puppeteer automation, but it is not represented by a registry install spec.
npm install puppeteer-core
Install from a trusted network, review `package-lock.json`, and prefer reproducible installs such as `npm ci` where possible.
