CamoFox MCP
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This skill openly provides stealth browser automation that can avoid site bot defenses, control logged-in sessions, and run an external MCP package, so it should be reviewed carefully before use.
Install only if you intentionally need stealth browser automation for authorized sites. Inspect the external npm package first, run it locally or in a sandbox, do not expose the MCP endpoint publicly, use dedicated low-privilege browser profiles, and require explicit approval before authenticated browsing, cookie import, form submission, batch clicking, scraping, or downloads.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could automate websites in ways that evade their defenses and perform broad actions such as clicking, form submission, scraping, or downloading without enough built-in boundaries.
The skill explicitly advertises anti-detection behavior aimed at bypassing site bot protections, and pairs it with tools for navigation, clicking, typing, extraction, downloads, and batch workflows.
Most browser automation flows eventually hit CAPTCHAs, fingerprint checks, or bot detection... Anti-detection fingerprinting per tab/session... without the high block rates common with standard automation stacks.
Use only on sites and accounts where you have permission, require explicit approval before logins, form submissions, batch clicks, downloads, or scraping, and define allowed domains and task limits.
If an agent uses or saves session cookies, it may act as the logged-in user across websites and future tasks.
Cookies and saved profiles can grant authenticated account access. The artifacts do not clearly bound which accounts may be used, how profiles are stored, or when the user must approve reuse.
Session persistence via cookie/profile tools... import_cookies: Import cookies for authenticated sessions... save_profile: Save tab cookies to a named profile... load_profile: Load saved profile cookies into a tab.
Use dedicated low-privilege browser profiles, avoid importing sensitive cookies, delete saved profiles when finished, and require user confirmation before using authenticated sessions.
Installing or launching the skill may run code that was not present in the reviewed package, and that code controls browser automation and sessions.
The launcher executes an external npm package at runtime. The reviewed artifacts do not include the MCP server source that implements the high-impact browser, cookie, and download tools.
CAMOFOX_TRANSPORT=http npx camofox-mcp@1.10.0
Inspect the npm package and repository before running, pin and verify the package source where possible, and run it in a sandboxed environment.
A mistaken or overbroad instruction could cause the agent to run page scripts that read or alter page state beyond the intended task.
JavaScript execution is purpose-aligned for browser automation, but it gives the agent a raw code-execution capability inside pages.
camofox_evaluate_js
description: Execute JavaScript in isolated page context.
Allow JavaScript evaluation only for clearly scoped tasks and review the target page and script purpose before execution.
If the MCP endpoint is exposed beyond the local machine, another client could potentially control the browser session or access page/download data.
The skill exposes browser automation over an HTTP MCP endpoint. Defaults shown are localhost, but the artifacts also mention remote-compatible clients and do not require authentication metadata.
Native HTTP MCP endpoint for OpenClaw and remote MCP-compatible clients
Keep the MCP server bound to localhost, use an API key or other access control if remote access is enabled, and do not expose it on untrusted networks.
