Ghost Browser
Malicious
Audited by ClawScan on May 10, 2026.
Overview
This skill is a powerful browser automation tool, but its artifacts explicitly include Cloudflare/Turnstile anti-bot bypass behavior and persistent session handling.
Do not treat this as a simple browser helper. It can automate websites, preserve logged-in sessions, and includes code aimed at bypassing Cloudflare/Turnstile-style automation checks. Install only in an authorized testing environment, use isolated browser profiles, and avoid using it with personal or production accounts.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill could cause an agent to bypass website anti-bot protections, violate site terms, or trigger account/IP blocks.
The CLI advertises a dedicated Cloudflare-solving command, which is not necessary for ordinary browser automation and can be used to bypass bot-protection or human-verification controls.
python ghost_browser.py cf-solve [--tab ID] [--all] [--json]
Do not install unless you explicitly need and are authorized to perform this kind of automation; remove or disable cf-solve and anti-bot behavior for normal browsing use.
Visited pages may receive modified browser events designed to evade automation checks, which is a risky and potentially deceptive browser behavior.
The extension alters MouseEvent and PointerEvent constructors specifically to make automated CDP clicks appear more realistic to Cloudflare Turnstile.
Cloudflare Turnstile checks for this inside its iframe. // Fix: override the constructors to compute screen coordinates
Avoid loading this extension by default; if retained, clearly disclose the anti-detection behavior and restrict it to explicitly approved testing environments.
If enabled, the extension can affect every website the automated browser visits, including login pages and third-party embedded frames.
The content script is configured to run on every site, in every frame, at the earliest page load phase, making the event patch broad rather than scoped to a single authorized target.
"matches": ["<all_urls>"], "run_at": "document_start", "all_frames": true
Limit the extension matches to specific authorized domains, or require explicit user confirmation before loading it.
An agent using this skill may be able to keep and later reuse website login sessions created during browsing.
The skill explicitly supports saving browser authentication state for reuse, which is expected for a browser automation tool but sensitive because it can preserve logged-in sessions.
`session save <name>` | Save cookies + localStorage + sessionStorage
Use separate profiles for sensitive sites, save sessions only when intended, and clear profiles/sessions when automation is complete.
A browser process may remain running in the background and retain state between commands.
The skill can start a long-running browser daemon, including in headless mode. This is normal for browser automation, but users should understand it can continue operating until stopped.
ghost-browser start --headless # Run without visible window
Check status and run `ghost-browser stop` when finished; avoid headless use unless you need unattended automation.
A future dependency update could change browser automation behavior without a corresponding skill update.
The dependency is installed from a version range rather than an exact pinned version, which is common but leaves the installed code dependent on future package releases.
nodriver>=0.38
Pin dependency versions and use a reviewed lockfile for reproducible installation.
