Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Agent Browser Stealth

Stealth-first browser automation for OpenClaw using agent-browser-stealth. Use when tasks involve bot-protected websites, anti-fingerprint evasion, captcha-p...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
by 郭立lee @leeguooooo
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description claim stealthy browser automation; SKILL.md consistently instructs use of an 'agent-browser' CLI and anti-bot patterns, which fits the declared purpose. However, the doc uses placeholders like $USERNAME and $PASSWORD without declaring required env vars or credentials in the skill metadata — a mismatch between claimed requirements and actual runtime expectations.
Instruction Scope
Instructions tell the agent to run a third-party CLI, perform login flows, take snapshots, read element text, and return 'key page state changes' and 'important element text'. That is within automation scope, but it grants broad discretion to capture and report page content (which may include sensitive data). The guidance for connecting to a local CDP (localhost:9333) is expected for browser tooling but also lets the CLI access any connected browser contexts. The SKILL.md does not constrain what data may be returned or how to treat credentials, increasing the risk of accidental exfiltration.
Install Mechanism
No registry install spec in the skill metadata, but the README instructs 'pnpm add -g agent-browser-stealth' and 'agent-browser install' — a global npm/pnpm install from the public registry. This is a common but higher-risk pattern than instruction-only because it pulls and executes third-party code; the SKILL.md does not pin a package version or point to a verified release artifact.
Credentials
Skill metadata declares no required env vars or credentials, but the instructions use $USERNAME and $PASSWORD placeholders in login recipes. That mismatch means the skill expects credentials but hasn't declared or justified them. The skill also references connecting to a CDP on localhost:9333 (which may access local browser profiles and session data) — reasonable for automation but a capability the metadata doesn't call out.
Persistence & Privilege
The skill does not request 'always: true' and has no install spec in the registry metadata; it is user-invocable and can be invoked autonomously (platform default). It does instruct installing a global CLI, which would add a tool to the system if the user follows the SKILL.md, but the skill itself doesn't request elevated or persistent platform privileges in the manifest.
What to consider before installing
This skill appears to be a reasonable stealthy browser automation guide, but take precautions before installing or using it:

  • Treat the pnpm global install as a supply-chain action: verify the npm package and GitHub repo, pin a specific version, and inspect the package source before installing globally. Consider installing in an isolated VM/container rather than your main workstation.
  • The SKILL.md uses $USERNAME and $PASSWORD but the skill metadata does not declare required credentials. Do not provide real secrets until you confirm how the agent will retrieve, store, and transmit them. Prefer ephemeral/test accounts where possible.
  • The skill asks you to return page element text and state; that can include PII or secrets. Decide and document what outputs are allowed, and redact or avoid capturing sensitive fields (passwords, OTPs, payment data).
  • The instructions connect to a local CDP endpoint (localhost:9333). Ensure that endpoint is not exposing other browser profiles or remote machines you don't intend the skill to control.
  • If you must use this skill, run it in an isolated environment, audit the installed package, pin versions, and limit autonomous invocation until you are comfortable with its behavior.

Confidence in this assessment is medium: the skill's behavior is plausible for its stated purpose, but the omissions (undeclared credentials and unpinned third-party install) create real risk and ambiguity.
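Two of the findings above, the undeclared $USERNAME/$PASSWORD placeholders and the unpinned global install, can be checked mechanically before a skill is installed. The following is an added example, not ClawHub's or OpenClaw's scanner code; the function names, the package-manager list and passing the declared variables as a plain list are assumptions, and the sample text is constructed from commands in this skill's SKILL.md.

```python
import re
import shlex

# Constructed sample: commands copied from the SKILL.md quoted on this page.
SKILL_MD = """\
pnpm add -g agent-browser-stealth
agent-browser install
agent-browser --session-name account open https://example.com/login
agent-browser fill @e1 "$USERNAME"
agent-browser fill @e2 "$PASSWORD"
agent-browser click @e3
"""

PKG_MANAGERS = {"pnpm", "npm", "yarn"}         # assumed set for this sketch
VERBS = {"add", "install", "i", "global"}
GLOBAL_FLAGS = {"-g", "--global", "global"}    # "global" covers `yarn global add`
EXACT_VERSION = re.compile(r"\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?")
ENV_REF = re.compile(r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?")


def unpinned_global_installs(text):
    """Package specs installed globally without an exact x.y.z version."""
    findings = []
    for line in text.splitlines():
        try:
            tokens = shlex.split(line)
        except ValueError:      # unbalanced quotes: prose, not a command line
            continue
        if len(tokens) < 3 or tokens[0] not in PKG_MANAGERS:
            continue
        if not GLOBAL_FLAGS & set(tokens[1:]):
            continue
        for spec in tokens[1:]:
            if spec.startswith("-") or spec in VERBS:
                continue
            # rpartition keeps the leading "@" of a scoped name inside `name`.
            name, _, version = spec.rpartition("@")
            if not name or not EXACT_VERSION.fullmatch(version):
                findings.append(spec)
    return findings


def undeclared_env_vars(text, declared=()):
    """$VAR / ${VAR} references that the skill metadata does not declare."""
    return sorted(set(ENV_REF.findall(text)) - set(declared))


def lint_skill(text, declared_env=()):
    return {"unpinned_global_installs": unpinned_global_installs(text),
            "undeclared_env_vars": undeclared_env_vars(text, declared_env)}
```

Run against the sample with no declared variables, `lint_skill` reports the unpinned `agent-browser-stealth` install and both credential placeholders; range specifiers and tags such as `@latest` are also treated as unpinned.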

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.2


SKILL.md

agent-browser-stealth for OpenClaw

Use this skill when the task needs web automation and anti-bot stability.

What this skill prioritizes

  • Use agent-browser CLI from agent-browser-stealth package
  • Prefer stealth-safe interaction patterns over brittle one-shot scripts
  • Keep command flow deterministic: open -> snapshot -> act -> re-snapshot
  • Minimize bot signals with humanized pacing and stable session reuse

Install and baseline

pnpm add -g agent-browser-stealth
agent-browser install
agent-browser --version

If default CDP mode is used in your environment, the CLI first tries localhost:9333 and then auto-discovery. You can still pass --cdp / --auto-connect explicitly when needed.

Standard execution workflow

agent-browser open <url>
agent-browser wait --load networkidle
agent-browser snapshot -i
# choose refs (@e1, @e2, ...)
agent-browser click @eN
agent-browser fill @eM "..."
agent-browser snapshot -i

Use refs (@e1) from snapshot output whenever possible.

Anti-bot operating rules

  1. Prefer headed mode for sensitive targets:
     agent-browser --headed --session-name shop open https://example.com
  2. Reuse session state to avoid repeated cold-start fingerprints:
     agent-browser --session-name shop open https://example.com
  3. Keep interactions human-like:
     agent-browser type @e2 "query" --delay 120
     agent-browser wait 1200-2600
  4. For contenteditable editors, use keyboard mode:
     agent-browser click "[contenteditable='true']"
     agent-browser keyboard type "Hello world" --delay 90
  5. If text must literally include --delay, stop arg parsing with --:
     agent-browser type @e2 -- "--delay 120"
     agent-browser keyboard type -- "--delay 120"

Region-sensitive websites

For region-bound sites, open the target domain directly and let locale/timezone alignment apply.

agent-browser open https://shopee.tw

Only override locale/timezone when explicitly required by the task.

Recovery patterns

If blocked or unstable:

  1. Retry with --headed.
  2. Reuse --session-name.
  3. Slow down action cadence (wait, type --delay).
  4. Re-open page and regenerate refs with snapshot -i.

Minimal recipes

Login flow:

agent-browser --session-name account open https://example.com/login
agent-browser snapshot -i
agent-browser fill @e1 "$USERNAME"
agent-browser fill @e2 "$PASSWORD"
agent-browser click @e3
agent-browser wait --url "**/dashboard"

Search and capture:

agent-browser open https://example.com
agent-browser snapshot -i
agent-browser type @e2 "iphone" --delay 120
agent-browser press Enter
agent-browser wait --load networkidle
agent-browser screenshot result.png

Output expectations for OpenClaw

When using this skill, return:

  • Exact commands executed
  • Key page state changes (URL/title/important element text)
  • Any anti-bot signal encountered and mitigation used
  • Next safe action
