Nstbrowser AI Agent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a powerful anti-detection browser automation skill, and its included shell templates contain unsafe command-building patterns that should be reviewed before use.
Install only if you intentionally need Nstbrowser-based browser automation. Use dedicated profiles and API keys, avoid personal logged-in accounts, verify the npm package source, and do not run the included shell templates with untrusted profile or proxy values until the eval-based command construction is fixed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this template is run with malicious or malformed values, it could execute commands on the user's machine outside the intended profile setup.
The template concatenates user-provided profile and proxy values into a shell command and runs it with eval. Special characters in those values could cause unintended shell commands to run.
CREATE_CMD="nstbrowser-ai-agent profile create \"$PROFILE_NAME\"" ... CREATE_CMD="$CREATE_CMD --proxy-host $PROXY_HOST --proxy-port $PROXY_PORT" ... if eval "$CREATE_CMD"; then
Do not use eval for command construction; replace it with an argument array, quote all variables, and validate profile/proxy inputs before execution.
A crafted proxy value could run unintended shell commands, and the script can also change proxy settings across multiple profiles at once.
The batch proxy template also builds a command string from arguments such as proxy host, port, username, and password, then executes it with eval.
UPDATE_CMD="nstbrowser-ai-agent profile proxy batch-update ${RESOLVED_IDS[*]}" ... UPDATE_CMD="$UPDATE_CMD --proxy-host $PROXY_HOST" ... if eval "$UPDATE_CMD"; then
Use safe shell arrays for CLI arguments, avoid eval entirely, and add a dry-run or confirmation step before batch profile changes.
The agent could automate websites while masking identity or location, which may violate site rules, trigger account enforcement, or enable misuse if not tightly controlled.
The documented functionality is explicitly designed for anti-detection fingerprints, IP rotation, and bypassing restrictions. This is disclosed and purpose-aligned, but it is a high-abuse browser automation capability.
The fingerprint makes each profile unique and helps avoid detection ... IP rotation (use different IPs per profile) ... Access control (bypass restrictions)
Use only for authorized automation, testing, or research; do not use it to evade website controls or terms, and require explicit user approval for sensitive web actions.
Using a saved profile may let the agent act as the user on websites or services where that profile is already logged in.
Saved browser profiles can carry authenticated web sessions across automation runs, allowing the agent to act through those logged-in identities.
Profiles persist all browser storage: - HTTP cookies ... - localStorage ... - IndexedDB ... This allows you to: - Stay logged in across sessions
Use dedicated low-privilege Nstbrowser profiles, avoid personal or high-value accounts, and require confirmation before actions that post, purchase, delete, or change account data.
A changed or compromised npm package version could alter what the agent runs.
The skill relies on an external npm/npx CLI package that is not pinned to a reviewed version in the skill artifacts. This is normal for a CLI integration, but users should verify the package source.
allowed-tools: Bash(npx nstbrowser-ai-agent:*), Bash(nstbrowser-ai-agent:*) ... npx nstbrowser-ai-agent --help ... npm install -g nstbrowser-ai-agent
Pin a known-good package version where possible, install only from the official publisher, and review the npm/GitHub source before granting access to sensitive profiles.
