Multilogin X
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for managing Multilogin X profiles, but its setup asks users to run unverified downloaded executables and provide account credentials.
Review this skill before installing. If you use it, verify the xcli and mlx-launcher binaries through official Multilogin sources, prefer signed or checksum-verified downloads, avoid pasting high-value account passwords into shell commands, make sure launcher port 45000 is not publicly reachable, and stop the launcher and clear tokens when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A changed or compromised remote binary could run with the user's local privileges and receive the user's Multilogin credentials.
The install flow downloads the latest executable binaries from a remote S3 bucket into the system PATH and makes them executable, with no pinned version, checksum, signature, or provenance validation shown.
CLI_VER=$(curl -sL "https://ml000x-dev-dists.s3.eu-north-1.amazonaws.com/cli-mlx/latest")
...
curl -L -o /usr/local/bin/xcli "https://ml000x-dev-dists.s3.eu-north-1.amazonaws.com/cli-mlx/${CLI_VER}/xcli_linux_amd64"
...
chmod +x /usr/local/bin/xcli /usr/local/bin/mlx-launcher
Install only from official Multilogin documentation, pin known-good versions, verify checksums or signatures, and avoid placing unverified binaries in system-wide PATH locations.
Users may run downloaded programs with fewer platform warnings or protections, even though the artifacts do not provide verification steps.
After downloading executables, the macOS instructions remove the quarantine flag, reducing an operating-system safety check before running those binaries.
xattr -d com.apple.quarantine /usr/local/bin/xcli 2>/dev/null
xattr -d com.apple.quarantine /usr/local/bin/mlx-launcher 2>/dev/null
Do not remove quarantine until the binary source and integrity have been verified; prefer signed, notarized, or checksum-verified releases.
The agent or shell session may handle a real account password, and a local token remains available for later xcli use for about a day.
The skill asks for Multilogin account credentials and stores a local session token. This is expected for the service, but it is sensitive authority and is not declared as a registry credential requirement.
xcli login --username 'USER@EMAIL' --password 'PASSWORD'
Ask the user for credentials if not provided. Tokens last ~24h, stored in `~/.config/xcli/`.
Use the least-privileged Multilogin account possible, avoid exposing passwords in logs or shell history, and remove or rotate tokens after use.
The launcher may keep running after the immediate command, and browser-control services may remain available until stopped.
The launcher is intentionally started as a background process on a fixed port before xcli commands are used.
mlx-launcher -port 45000 & sleep 5
Start the launcher only when needed, ensure the port is not exposed publicly, and stop the launcher when finished.
Automated browser sessions could interact with user or third-party accounts and may violate site rules if misused.
The skill exposes anti-detect browser profile management and automation ports. This is the advertised purpose, but it can have high impact if used on accounts or websites without clear user direction.
Manage anti-detect browser profiles via the `xcli` CLI. ... Each returns a profile ID and a port for Puppeteer/Selenium automation.
Use the skill only for authorized workflows, review commands before execution, and avoid letting it automate sensitive account actions without explicit approval.
