stealthy-auto-browse
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: stealthy-auto-browse
Version: 2.0.0

The skill provides high-risk browser automation capabilities designed specifically to evade bot-detection controls such as Cloudflare and DataDome using stealth techniques (Camoufox as the browser, PyAutoGUI for OS-level keyboard and mouse input). It includes actions for extracting sensitive data such as cookies and local storage, as well as an 'eval' action for arbitrary JavaScript execution in the page context (SKILL.md). While these features align with the stated purpose of stealthy scraping, they represent a significant attack surface for automated abuse and session theft. The inclusion of a cluster mode with Redis-based cookie synchronization (references/setup.md) and a parallel search orchestrator (scripts/websearch.py) further increases the potential for large-scale automated misuse.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Impact: The agent could be used to interact with protected websites in ways those sites are actively trying to block, potentially violating their terms of use and exposing the operator to account suspension or legal consequences.
Rationale: The skill is not merely automating a browser; it explicitly advertises evading bot-detection and CAPTCHA-related controls using stealth input and persistent fingerprints.
Evidence (from the skill's documentation): Browser automation that passes CreepJS, BrowserScan, Pixelscan, and Cloudflare — zero CDP exposure, OS-level input, persistent fingerprints. Use when standard browser skills get 403s or CAPTCHAs.
Recommendation: Do not use this skill for general browsing or against third-party services with anti-bot protections; restrict use to authorized testing environments only.
Impact: Users may be led to believe the automation is safe for account activity even when it is designed to bypass platform defenses and could get accounts suspended.
Rationale: The wording encourages users to trust the tool for ban evasion on logged-in accounts, which is a high-risk and potentially deceptive framing.
Evidence (from the skill's documentation): You need a logged-in session that won't get banned
Recommendation: Avoid claims or workflows centered on avoiding bans or bypassing protections; require explicit authorization and warn users about account and policy risks.
Impact: If used with real accounts, the container can retain account sessions and continue to act with those account privileges in later runs.
Rationale: The setup supports retaining authenticated cookies, sessions, and browser fingerprints across restarts, enabling durable access to logged-in accounts.
Evidence (from the skill's documentation): Persistent profile (cookies, sessions, fingerprint survive restarts)
Recommendation: Use isolated test accounts only, avoid mounting persistent profiles unless absolutely necessary, and delete profile data after authorized testing.
Impact: Anyone who can reach the exposed ports may be able to view or control the browser, including any logged-in sessions or sensitive page contents.
Rationale: The documented defaults bind both the browser-control API and the VNC viewer to all interfaces (0.0.0.0) while authentication is optional (AUTH_TOKEN is only enforced if it is set), leaving an unclear access boundary for a service that exposes browser contents and live sessions.
Evidence (from the documented defaults): `HTTP_LISTEN_HOST` | `0.0.0.0` ... `VNC_LISTEN_HOST` | `0.0.0.0` ... `AUTH_TOKEN` | — | If set
Recommendation: Always set a strong AUTH_TOKEN and avoid passing it as a query-string parameter (tokens in URLs end up in browser history and in proxy and server logs); publish the container's ports on the host loopback only (`-p 127.0.0.1:<host-port>:<container-port>`), noting that a loopback bind inside the container would make the service unreachable through a published port; firewall the ports; and do not expose the VNC viewer to untrusted networks.
Impact: The code actually run by the container may differ from the reviewed artifacts, and future image or compose changes could introduce new behavior.
Rationale: The setup runs an external Docker image without a pinned digest (no tag is given, so `latest` is resolved at pull time); the optional cluster setup also downloads a compose file from the repository's moving GitHub `main` branch.
Evidence (from the skill's documentation): docker run -d --name browser ... psyb0t/stealthy-auto-browse
Recommendation: Pin the image by digest (`psyb0t/stealthy-auto-browse@sha256:<digest>`), review the container source and the compose file before running them, and fetch deployment files from a specific commit rather than a moving branch.
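The following shell script is an added example, not tooling from the ClawScan page and not code from the stealthy-auto-browse project. It turns the two recommendations above (loopback-only exposure with a mandatory token, and digest-pinned images plus pinned compose URLs) into a pre-flight check over the launch settings, and prints a hardened `docker run` line that applies them. The variable names HTTP_LISTEN_HOST, VNC_LISTEN_HOST and AUTH_TOKEN are the ones quoted in the review; the container ports 8080 and 6080, the 32-character token minimum and the compose URL shape are assumptions for illustration only.

```shell
#!/bin/sh
# Added example, not part of the ClawScan review or the skill being reviewed.
# Assumptions: the ports below are placeholders (check the skill's own docs);
# the minimum token length is a local policy choice, not a documented value.
API_PORT=${API_PORT:-8080}   # assumed browser-control API port
VNC_PORT=${VNC_PORT:-6080}   # assumed VNC viewer port

# image_is_pinned REF: succeed only if REF names the image by a full sha256 digest.
image_is_pinned() {
  case "$1" in
    *@sha256:*) digest=${1##*@sha256:} ;;
    *) return 1 ;;
  esac
  [ "${#digest}" -eq 64 ] || return 1
  case "$digest" in
    *[!0-9a-f]*) return 1 ;;
    *) return 0 ;;
  esac
}

# url_is_pinned URL: fail if a raw GitHub URL points at a moving branch
# (main/master) instead of a specific commit.
url_is_pinned() {
  case "$1" in
    */main/*|*/master/*) return 1 ;;
    *) return 0 ;;
  esac
}

# audit_launch IMAGE PUBLISH_ADDR AUTH_TOKEN [COMPOSE_URL]
# PUBLISH_ADDR is the host-side address used in "-p ADDR:host:container".
# Prints one line per problem and always returns 0 so callers can count lines.
audit_launch() {
  image=$1; publish_addr=$2; token=$3; compose_url=${4:-}
  image_is_pinned "$image" || echo "image not pinned by digest: $image"
  case "$publish_addr" in
    ""|0.0.0.0|"::")
      echo "ports published on all host interfaces (use -p 127.0.0.1:host:container)" ;;
  esac
  if [ -z "$token" ]; then
    echo "AUTH_TOKEN unset: control API and VNC viewer accept unauthenticated clients"
  elif [ "${#token}" -lt 32 ]; then
    echo "AUTH_TOKEN shorter than 32 characters"
  fi
  if [ -n "$compose_url" ] && ! url_is_pinned "$compose_url"; then
    echo "compose file fetched from a moving branch: $compose_url"
  fi
  return 0
}

# hardened_run DIGEST_REF: print (do not execute) a docker run line that
# keeps the in-container binds at 0.0.0.0 (a loopback bind inside the
# container is unreachable via -p) but publishes only on the host loopback,
# passes AUTH_TOKEN from the caller's environment ("-e AUTH_TOKEN" without a
# value inherits it, keeping the secret out of shell history), and mounts no
# persistent profile so sessions do not survive the container.
hardened_run() {
  printf 'docker run -d --name browser \\\n'
  printf '  -p 127.0.0.1:%s:%s -p 127.0.0.1:%s:%s \\\n' \
    "$API_PORT" "$API_PORT" "$VNC_PORT" "$VNC_PORT"
  printf '  -e HTTP_LISTEN_HOST=0.0.0.0 -e VNC_LISTEN_HOST=0.0.0.0 \\\n'
  printf '  -e AUTH_TOKEN \\\n'
  printf '  %s\n' "$1"
}

# Usage: run the audit against the values from your compose file or run line,
# then print the hardened command once the image digest is known.
# export AUTH_TOKEN="$(openssl rand -hex 32)"
# audit_launch 'psyb0t/stealthy-auto-browse' '0.0.0.0' "$AUTH_TOKEN"
# hardened_run 'psyb0t/stealthy-auto-browse@sha256:<digest>'
```

To obtain the digest for the hardened line, pull the image once and read it back with `docker inspect --format '{{index .RepoDigests 0}}' psyb0t/stealthy-auto-browse`; review the image source at that digest before using it. The same `url_is_pinned` rule applies to the cluster compose download: replace `main` in the raw URL with the commit SHA you reviewed.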
