Back to plugin

Security audit

Browser Use

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real browser automation plugin, but it gives the agent broad control over a browser and possible logged-in sessions, so users should review it carefully before enabling.

Before installing, decide whether you are comfortable letting OpenClaw automate a browser. Use a separate browser profile when possible, avoid logged-in sessions for sensitive accounts, verify the browser-use installer, and require explicit approval before the agent submits forms, changes account data, posts content, or makes purchases.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
dist/index.js:16
Evidence
const child = spawn("browser-use", argv, {

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
src/index.ts:23
Evidence
const child = spawn("browser-use", argv, {