WebStack

Warn

Audited by ClawScan on May 18, 2026.

Overview

This appears to be a coherent Bright Data web-data plugin, but it can bypass anti-bot protections, automate websites through residential proxies, and change your Bright Data account setup.

Use this plugin only if you deliberately want Bright Data-powered scraping and browser automation. Before installing, consider legal/terms-of-service limits, use the least-privileged Bright Data token available, watch for automatic zone creation and costs, and require manual confirmation before the agent clicks, types, submits forms, or accesses sensitive sites.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your agent could scrape or interact with websites in ways that bypass site protections or violate terms of service if used carelessly.

Why it was flagged

The plugin explicitly gives the agent anti-bot bypass scraping and residential-proxy browser automation. That is purpose-aligned for Bright Data, but it is broad, high-impact web automation and the artifacts do not show domain limits or explicit approval gates for risky actions.

Skill content

Bot-bypass scraping through Bright Data Web Unlocker — handles CAPTCHAs, JS rendering, and rate limits automatically ... Full browser automation via a real Chromium instance routed through Bright Data's residential proxy network

Recommendation

Install only if you intentionally need this capability. Restrict use to authorized sites and require confirmation before navigation, clicks, typing, form submission, or scraping protected services.

What this means

The plugin may create persistent Bright Data resources and potentially affect billing or account configuration.

Why it was flagged

The Bright Data token is used not only for API access but also for automatic account resource creation. The documentation discloses this, but the artifacts do not show an explicit confirmation step or rollback instructions.

Skill content

export BRIGHTDATA_API_TOKEN=your_token_here ... The plugin automatically creates two proxy zones on first use: `mcp_unlocker` (Web Unlocker) and `mcp_browser` (Browser API).

Recommendation

Use a limited-scope Bright Data token if available, review account changes after first use, and remove unused zones manually if you uninstall or stop using the plugin.

What this means

A malicious webpage could try to influence the agent through scraped text or HTML.

Why it was flagged

The plugin returns arbitrary web page content to the agent. This is expected for search/scraping, but retrieved pages can contain prompt-injection text or misleading instructions.

Skill content

`brightdata_scrape` ... Fetch any page through Bright Data Web Unlocker ... `extractMode` `"markdown" | "text" | "html"`

Recommendation

Treat scraped/search content as untrusted and avoid letting webpage instructions override your original task or safety requirements.

What this means

Sensitive browsing state entered into the remote browser may remain available to the agent during the session window.

Why it was flagged

The plugin keeps browser session state for a bounded idle window. This is disclosed and scoped, but users should know that page/session state can persist briefly between tool calls.

Skill content

Sessions are automatically scoped per user context and idle-timeout after 10 minutes.

Recommendation

Avoid logging into sensitive accounts through the automated browser unless necessary, and reset or let sessions expire after sensitive work.

What this means

The reviewed source may not exactly match the registry version the user installs.

Why it was flagged

The provided registry metadata lists version 1.0.3, while the supplied package.json and package-lock content show 1.0.2. This is a provenance/version-alignment note rather than evidence of malicious behavior.

Skill content

"version": "1.0.2"

Recommendation

Verify the npm package version, source repository tag, and package integrity before installing in a sensitive environment.