ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CamoFox MCP

v1.10.0

Anti-detection browser automation MCP skill for OpenClaw agents with 41 tools for navigation, interaction, extraction, downloads, profiles, sessions, and ste...

0· 554·1 current·1 all-time
by@redf0x1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (anti-detection browser automation) align with the declared tools (tabs, navigation, interaction, snapshotting, cookies, downloads, profiles, web_search). The manifest, SKILL.md, and tool catalog are coherent with this purpose.
!
Instruction Scope
SKILL.md instructs running a local MCP server and exposes many powerful ops (import/export cookies, retrieve downloaded files, resolve blobs to base64, list/get downloads). Those tools legitimately belong to a browser-automation product, but they allow reading and returning session cookies and arbitrary downloaded content (potentially sensitive). The instructions also show optional API keys and allow choosing ports — which could be used to bind the service to non-localhost and accept remote requests.
!
Install Mechanism
There is no packaged install spec; the runtime setup uses 'npx camofox-mcp@1.10.0', which will fetch and execute code from the npm registry at runtime. That is a moderate-to-high risk pattern because it executes third-party code with no checksum or provenance provided. The included setup.sh simply runs the npx command (no verification).
Credentials
The skill does not require environment variables or credentials by metadata, and SKILL.md only shows optional vars (CAMOFOX_API_KEY, CAMOFOX_HTTP_PORT, CAMOFOX_TRANSPORT). That is proportionate. However, the skill's ability to import cookies and download resources means it can handle secrets/data at runtime even though none are explicitly requested — users should be aware this capability can surface sensitive data stored in browser sessions.
Persistence & Privilege
always:false and model invocation is allowed (normal). The skill does not request permanent platform privileges, but running the MCP server via npx will create a local HTTP control endpoint (manifest lists http://localhost:3000/mcp). If the operator configures a non-localhost bind/port, this could expose remote control; verify binding and firewall configuration before running.
What to consider before installing
This skill is coherent for anti-detection browser automation but carries practical risks you should evaluate before installing: - npx will download and run code from the npm registry at runtime. Only run it if you trust the package author; inspect the upstream package (https://github.com/redf0x1/camofox-mcp) and consider fetching a signed release or pinned checksum. - The skill exposes powerful data-handling tools (import_cookies, get_download, resolve_blobs). These can return session cookies, file contents, or internal resources — treat them as high-sensitivity operations. - Ensure the MCP server binds to localhost and is not reachable from untrusted networks (don't set ports or host bindings to 0.0.0.0 unless you intentionally want remote access). Use firewall rules or run in an isolated VM/container if possible. - If you need to run this for evaluation, do so in an isolated environment (sandbox/VM) with no access to production secrets or corporate internal networks. - If you plan production use, verify the npm package source, review the package contents, and prefer pinned versions/checksums and a private mirror or vendor review before allowing the agent to run it automatically.

Like a lobster shell, security has layers — review code before you run it.

ai-agentvk97ba37vczbn5wdxnba6e1a2jh81t3y4anti-detectionvk97ba37vczbn5wdxnba6e1a2jh81t3y4browser-automationvk97ba37vczbn5wdxnba6e1a2jh81t3y4camofoxvk97ba37vczbn5wdxnba6e1a2jh81t3y4latestvk97ba37vczbn5wdxnba6e1a2jh81t3y4mcpvk97ba37vczbn5wdxnba6e1a2jh81t3y4stealthvk97ba37vczbn5wdxnba6e1a2jh81t3y4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments