Fastest Browser Use
WarnAudited by ClawScan on May 10, 2026.
Overview
This browser automation skill mostly matches its stated purpose, but it explicitly promotes bypassing bot detection and reusing saved login sessions, which creates material account and compliance risk.
Review carefully before installing. This skill is powerful browser automation: use it only for authorized scraping or testing, avoid the bot-detection-bypass workflows, do not load saved sessions for sensitive accounts unless you explicitly approve it, and protect or delete any saved auth/session files.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could scrape sites in ways that violate site rules, trigger account bans, or create legal/compliance exposure.
The skill explicitly instructs agents to evade bot-detection controls for scraping, which is high-impact browser automation beyond ordinary page fetching.
### 1. Bypass "Bot Detection" via Human Emulation Simulate mouse jitter and random delays to scrape protected sites.
Use only on sites you own or are authorized to test; remove or disable anti-bot-bypass recipes, add rate limits, and require explicit user confirmation for protected or logged-in sites.
A saved session file may let the agent access private or sensitive account data as the user, and misuse could affect accounts or violate provider policies.
The documented workflow saves and reloads authenticated browser session state, giving the agent delegated access to the user's logged-in account.
### 3. Login & Cookie Heist Log in manually once, then steal the session for headless automation. ... --save-session ./auth.json ... --load-session ./auth.json
Only save sessions for accounts you control, store session files securely, delete them after use, and require explicit approval before loading any authenticated session.
If the bundled script or its inputs were tampered with, code could execute in the browser context during page conversion.
The static scan shows dynamic JavaScript construction in the markdown conversion path. This may be purpose-aligned for injecting a readability parser, but it increases the need to trust the bundled script.
var loadReadability = new Function(
Audit this file before installation, avoid executing untrusted script strings, and prefer static bundled code paths where possible.
Users may install a binary or crate whose provenance is not fully represented in the registry metadata.
The skill points to external install sources, while the registry metadata says there is no install spec. This is a provenance/packaging gap users should verify.
install:
- kind: brew
formula: rknoche6/tap/fast-browser-use
- kind: cargo
package: fast-browser-useVerify the GitHub repository, brew tap, and cargo package before installing, and prefer pinned versions or reviewed source builds.
If the MCP server is run on an exposed interface, another client could potentially drive the browser or access page/session data.
The project includes MCP server support with network-capable transports, which can expose browser-control tools to another agent or client if enabled.
mcp-server = [ ... "rmcp/transport-sse-server", "rmcp/transport-streamable-http-server", "axum", ... ]
Run MCP transports only locally or behind authentication, and connect only trusted agents to this browser-control server.