Browser Automation 浏览器自动化
Security checks across malware telemetry and agentic risk
Overview
This skill includes ordinary browser automation, but it also explicitly teaches and implements evasion of website bot defenses, CAPTCHA handling, persistent login sessions, and external billing behavior.
Avoid installing this skill for ordinary browser automation. If you use it at all, restrict it to websites you own or are explicitly authorized to test, remove anti-detection and CAPTCHA-bypass workflows, protect or delete saved session files, and verify the external SkillPay billing behavior before running any code.
VirusTotal
67/67 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using this skill could help an agent evade website defenses, violate site terms, or perform scraping/account automation that target sites are trying to block.
The skill provides explicit guidance for bypassing CAPTCHA and commercial bot-protection systems, which is not just normal browser automation.
“Cloudflare 5-second shield” ... “Solution: use undetected-chromedriver or similar tools” and “reCAPTCHA v3 | score bypass | behavior optimization, fingerprint management”
Do not use this skill for third-party sites unless you have explicit authorization; remove CAPTCHA/bot-defense bypass content and keep automation limited to owned or approved systems.
Automation may be run in a stealthier way than users or target sites expect, increasing abuse and compliance risk.
Included runnable code launches the browser with an anti-automation-detection flag, showing the evasion behavior is implemented, not only documented.
args=['--disable-blink-features=AutomationControlled']
Remove stealth flags and anti-detection defaults; require clear user confirmation and site authorization before any scraping or form submission.
Saved login sessions could allow later browser actions under the user's account, and the session file may expose account access if mishandled.
The script persists and automatically reloads browser authentication state, which can contain cookies and session tokens, without clear scoping, encryption, retention, or deletion guidance.
if use_saved_state and os.path.exists(self.state_file): storage_state = self.state_file ... self.context.storage_state(path=self.state_file)
Use separate test accounts, store session files securely, delete them after use, and avoid loading real browser cookies or sessions unless strictly necessary and explicitly approved.
The skill may contact an external billing provider and attempt charges tied to a user identifier, while the credential handling is not cleanly declared or isolated.
The payment helper embeds a billing API key in source code and can call an external charge endpoint; this conflicts with _meta.json, which says the API key should come from an environment variable.
BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" ... requests.post(f"{BILLING_API_URL}/api/v1/billing/charge"
Do not run the payment helper unless you understand the billing flow; the publisher should remove hard-coded secrets, use declared environment variables, and require explicit user consent before charging.
Installing dependencies without pinning may pull newer code than the reviewed artifact expected.
The dependency list uses broad lower-bound version ranges; this is common for Python tools, but future package versions could change behavior.
playwright>=1.40.0 selenium>=4.15.0 requests>=2.31.0
Install in a virtual environment, pin exact dependency versions, and avoid running the skill with elevated privileges.
