Unbrowser

Review

Audited by ClawScan on May 9, 2026.

Overview

Unbrowser is a coherent web-browsing helper, but users should be careful with cookies, account-changing actions, JavaScript evaluation, and the external binary they install.

This skill appears reasonable for first-pass browsing and scraping. Before installing or using it, verify the external `unbrowser`/`pyunbrowser` source, only provide cookies for sites you authorize, require confirmation for any logged-in action that changes data or spends money, and close or clear sessions between unrelated tasks.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide cookies, the tool may be able to access your logged-in web session as you.

Why it was flagged

The skill can use exported session cookies to act as the user on websites. This is disclosed and scoped, but it is sensitive account access.

Skill content

Treat any cookie passed to `cookies_set` as a credential. A session cookie can authenticate as the user who exported it, with no password or 2FA prompt.

Recommendation

Only provide cookies for sites you explicitly want to use, verify the cookie domain, and clear cookies after the task.

What this means

Used carelessly, it could change account data or submit actions on websites.

Why it was flagged

The tool can perform high-impact browser actions on authenticated accounts, including purchases or deletes, but the instructions require explicit user approval before doing so.

Skill content

Pause for user confirmation before any authenticated action. If a click, form submit, or `eval` would mutate state on a logged-in account (post, purchase, delete, send, transfer, change settings), surface the action to the user and wait for explicit go-ahead

Recommendation

Keep the user in the loop for any logged-in action that posts, buys, deletes, sends, transfers, or changes settings.

What this means

Untrusted web pages may influence the browser session, and unsafe eval usage could run unintended JavaScript in that context.

Why it was flagged

Running page JavaScript and exposing an eval-style diagnostic tool is expected for a browser-like scraper, but it still needs careful handling of untrusted page content.

Skill content

`unbrowser` is a single static binary that runs page JS in QuickJS ... `eval` is a diagnostic / extraction tool, not a generic JS runner

Recommendation

Only evaluate agent-written extraction code, never code copied from a page, and prefer the managed browser when pages require complex or sensitive interaction.

What this means

Cookies or browsing state from one site could affect a later task if the session is reused.

Why it was flagged

The stateful process may retain cookies and page/session state between calls. The skill gives mitigation guidance, but users should be aware of cross-task leakage risk.

Skill content

the cookie jar can carry session credentials, page JavaScript runs in QuickJS, and a single process retains state across calls

Recommendation

Use one site per sensitive session, call `cookies_clear` after authenticated work, and close the process before unrelated tasks.

What this means

Installing the external binary gives that package code execution on the local machine.

Why it was flagged

The skill depends on an external package and native binary not included in the reviewed artifact. The install advice is disclosed and includes verification guidance.

Skill content

`pipx install pyunbrowser` or `uv tool install pyunbrowser` ... The wheel ships a platform-specific native binary; verify the upstream repository (https://github.com/protostatis/unbrowser) before upgrading across versions.

Recommendation

Install only from the expected upstream source, consider pinning versions, and prefer isolated tools such as `pipx` or `uv tool`.