QQBrowserSkill

Review

Audited by ClawScan on May 15, 2026.

Overview

QQBrowserSkill is a disclosed browser-automation skill, but it installs external browser components and can act on real websites, so sensitive actions should be supervised.

Before installing, make sure you trust the PyPI package and QQ Browser download source. When using it, supervise actions on logged-in sites, confirm any purchase/post/account-change/download, treat webpage text as untrusted, and clear temporary screenshots or downloaded files when done.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent could perform meaningful actions on websites, not just read pages.

Why it was flagged

This grants broad browser control that is expected for the skill, but the same controls could submit forms, change account settings, post content, or trigger downloads if used without supervision.

Skill content

Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, or automating any browser task.

Recommendation

Use it for user-directed tasks and require explicit confirmation before logins, purchases, public posts, account changes, or destructive actions.

What this means

A website could display text that attempts to manipulate the agent's next actions.

Why it was flagged

Browser snapshots bring untrusted webpage text into the agent context. That is necessary for browser automation, but malicious webpages can contain instructions that try to redirect the agent.

Skill content

Each command will return a snapshot of the current page after execution, including the index of elements.

Recommendation

Treat webpage content as untrusted data and do not let page text override the user's instructions or safety checks.

What this means

Installing the skill means trusting the external package and browser installer.

Why it was flagged

The skill relies on an external PyPI package and a downloaded QQ Browser binary. This is expected for the browser-automation purpose, but the runnable code and binary are not present in the supplied artifact set for inspection.

Skill content

pipx install qqbrowser-skill
...
qqbrowser-skill install   # Download and install QQ Browser

Recommendation

Install only from trusted sources, verify the package and browser publisher, and prefer pinned versions where possible.

What this means

Sensitive page content, screenshots, or form data could be exposed to the agent session or left in temporary files.

Why it was flagged

The skill can return page contents and save screenshots to temporary files. This is purpose-aligned, but private information visible in the browser may enter the agent context or local temp storage.

Skill content

browser_snapshot --markdown          # Markdown mode: clean Markdown of the page
...
browser_screenshot                   # Take screenshot (returns temp file path of .webp image)

Recommendation

Avoid using it on highly sensitive pages unless necessary, and clear temporary screenshots/downloads when finished.

What this means

Users may underestimate where files can be written if they rely only on the temporary-directory statement.

Why it was flagged

The security section describes filesystem access as temporary-directory scoped, but also says downloads may use a user-specified path. This is not necessarily unsafe, but the scope disclosure is imprecise.

Skill content

File System (Read/Write) | Temporary directories only
...
Downloaded files: Saved to the system's temporary directory or user-specified path
...
This skill does not access or modify files outside of its designated directories.

Recommendation

Clarify that user-specified download paths may be outside temp directories and review paths before saving files.