Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

stealthy-auto-browse

v1.8.0

Browser automation that passes CreepJS, BrowserScan, Pixelscan, and Cloudflare — zero CDP exposure, OS-level input, persistent fingerprints. Use when standar...

by Ciprian Mandache (@psyb0t)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (stealthy browser automation) match the artifacts: SKILL.md documents a Docker-based HTTP API, examples call STEALTHY_AUTO_BROWSE_URL, and included websearch.py posts scripts to that API. Required binaries (docker, curl) and the primaryEnv (STEALTHY_AUTO_BROWSE_URL) are appropriate for running a local containerized service.
Instruction Scope
Instructions focus on driving a local browser API and describe system vs Playwright input. They do not ask the agent to read unrelated host files, but the docs recommend binding services to 0.0.0.0, exposing a noVNC viewer on port 5900, persisting profile volumes, and optionally routing through proxies — all of which broaden the attack surface and can leak sessions/credentials if misconfigured or exposed.
Install Mechanism
No install spec in the skill itself, but setup instructs pulling a Docker image (psyb0t/stealthy-auto-browse) from Docker Hub and downloading compose/config files from GitHub raw URLs. Those are expected for a containerized tool but require trusting a third-party image; the skill does not include a reproducible/verified image hash or provenance.
Credentials
Declared env usage is limited (STEALTHY_AUTO_BROWSE_URL as primary). The code and docs also reference AUTH_TOKEN for server auth and other optional runtime vars (TZ, PROXY_URL, etc.), which are justified by the stated functionality. No unrelated cloud credentials or excess secrets are requested by the skill itself.
Persistence & Privilege
Skill defaults encourage running a long‑lived container with persistent profile volumes and network-exposed ports (HTTP API and VNC). While not an explicit 'always' privilege, these defaults can create persistent credentials/sessions and expose a remote view/control endpoint if the container is bound to 0.0.0.0 or routed through public networks.
What to consider before installing
This skill appears to do what it says (run a stealth browser API), but it pulls and runs a third‑party Docker image and its example defaults expose an HTTP API and a noVNC viewer and preserve browser profiles — all of which can leak sessions or allow remote access. Before installing:
(1) verify the Docker image publisher and inspect the image (or build from source) instead of blindly pulling psyb0t/stealthy-auto-browse;
(2) bind the API and VNC to localhost (not 0.0.0.0) or run inside an isolated VM;
(3) set an AUTH_TOKEN and firewall the port;
(4) avoid mounting sensitive host directories as profile volumes unless necessary;
(5) be aware this tool is designed to evade bot/CAPTCHA protections — ensure your use complies with target sites' terms of service and applicable law.
If you need higher assurance, request the project's Dockerfile and image digest or run the container in an ephemeral, network-restricted sandbox and review its filesystem and network behavior.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🕵️ Clawdis
Bins: docker, curl
Primary env: STEALTHY_AUTO_BROWSE_URL
