stealthy-auto-browse
Advisory
Audited by Static analysis on May 4, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could be used to interact with protected websites in ways those sites are actively trying to block, potentially violating site rules or triggering account and legal consequences.
The skill is not merely automating a browser; it explicitly advertises evading bot-detection and CAPTCHA-related controls using stealth inputs and persistent fingerprints.
Browser automation that passes CreepJS, BrowserScan, Pixelscan, and Cloudflare — zero CDP exposure, OS-level input, persistent fingerprints. Use when standard browser skills get 403s or CAPTCHAs.
Do not use this skill for general browsing or against third-party services with anti-bot protections; restrict use to authorized testing environments only.
Users may be led to believe the automation is safe for account activity even when it is designed to bypass platform defenses and could get accounts suspended.
The wording encourages users to trust the tool for ban evasion on logged-in accounts, which is a high-risk and potentially deceptive framing.
You need a logged-in session that won't get banned
Avoid claims or workflows centered on avoiding bans or bypassing protections; require explicit authorization and warn users about account and policy risks.
If used with real accounts, the container can retain account sessions and continue to act with those account privileges in later runs.
The setup supports retaining authenticated cookies, sessions, and browser fingerprints across restarts, enabling durable access to logged-in accounts.
Persistent profile (cookies, sessions, fingerprint survive restarts)
Use isolated test accounts only, avoid mounting persistent profiles unless absolutely necessary, and delete profile data after authorized testing.
Anyone who can reach the exposed ports may be able to view or control the browser, including any logged-in sessions or sensitive page contents.
The documented defaults bind the browser-control API and VNC viewer broadly while authentication is optional, creating unclear access boundaries for a service that may expose browser contents and sessions.
`HTTP_LISTEN_HOST` | `0.0.0.0` ... `VNC_LISTEN_HOST` | `0.0.0.0` ... `AUTH_TOKEN` | — | If set
Bind services to localhost, always set a strong AUTH_TOKEN, avoid query-string tokens, firewall the ports, and do not expose the VNC viewer to untrusted networks.
The code actually run by the container may differ from the reviewed artifacts, and future image or compose changes could introduce new behavior.
The setup runs an external Docker image without a pinned digest; the optional cluster setup also downloads a compose file from a moving GitHub main branch.
docker run -d --name browser ... psyb0t/stealthy-auto-browse
Pin Docker images by digest, review the container source and compose file before running, and avoid downloading executable deployment files directly from a moving branch.
