Stealth Browser
Malicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is explicitly built to evade website bot protections, solve CAPTCHAs, bypass Cloudflare, and preserve login sessions for silent reuse.
Do not install this skill for ordinary browsing or account automation. It is designed to evade website security controls and persist login access. If you are doing authorized security testing, use an isolated VM, throwaway accounts, pinned dependencies, no real credentials, and strict cleanup of saved sessions and secrets.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help automate websites in ways designed to defeat their protections, which may violate terms of service, laws, or account security expectations.
The stated purpose is to bypass bot detection and security controls rather than automate a normal, authorized workflow.
Ultimate stealth browser automation with anti-detection, Cloudflare bypass, CAPTCHA solving, persistent sessions, and silent operation. Use for any web automation requiring bot detection evasion ... or bypassing security measures.
Do not install this skill for normal use. Use only in a tightly authorized testing environment, if at all.
Saved sessions can let future automation act as the user on websites without requiring a fresh login or visible browser interaction.
The skill expands a login request into persistent delegated account access that can later be reused headlessly.
When user asks to "login to X website", automatically use headed mode for login, then save session for future headless reuse.
Avoid using real accounts. Require explicit per-site approval, expiration, encryption, and easy deletion before any session persistence.
Anyone or anything that can read those files may gain access to sensitive session data; poisoned or stale browser state may also be reused in later tasks.
The code stores authentication cookies and localStorage in local JSON files for persistent reuse, with no encryption, retention limit, or site scope shown.
"cookies": page.cookies.as_dict(),
"localStorage": {},
...
session_path.write_text(json.dumps(session_data, indent=2, ensure_ascii=False))
Do not save sensitive sessions in plaintext. If session storage is necessary, encrypt it, scope it to specific sites, expire it, and provide a clear cleanup command.
Third-party CAPTCHA services can learn which pages are being automated and receive provider credentials needed for the solver workflow.
CAPTCHA solving sends page URLs, site keys, and the user’s solver API key to third-party providers.
requests.post("https://api.anti-captcha.com/createTask", json={"clientKey": api_key, "task": {"websiteURL": page_url, "websiteKey": site_key}})
Only use such providers where authorized, and understand what URLs and credentials are shared externally.
Manual global installs and unpinned images can introduce unreviewed code into the local environment.
The setup uses global package installs and an unpinned Docker image, which are not declared in an install spec and have no version pinning in the artifact.
npm install -g puppeteer-extra puppeteer-extra-plugin-stealth
npm install -g playwright
pip install undetected-chromedriver DrissionPage
...
docker run -d --name flaresolverr -p 8191:8191 ghcr.io/flaresolverr/flaresolverr
Avoid installing these dependencies unless you can verify and pin exact versions in an isolated environment.
