Remote Browser Service
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate remote-browser controller, but it sends browser activity to an unknown external service and supports stored sessions, so it deserves careful review before use.
Install only if you trust the remote browser provider. Use it on authorized, low-sensitivity sites first; prefer ephemeral sessions; avoid entering passwords or private data unless necessary; and confirm how stored sessions, screenshots, logs, and tokens are protected and deleted.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could click, type, fill forms, and press keys in a remote browser session.
The skill intentionally gives the agent broad browser-control abilities. This is purpose-aligned, but these actions can also submit forms or change web-account state if used on sensitive sites.
Use for web automation, form filling, navigation, and page inspection on sites the user owns or has permission to access. ... DOM (`/action`) `click`, `type`, `fill`, `press` ... VNC (`/vnc/action`) `click`, `type`, `press`
Use it only for sites you are authorized to automate, and require explicit review before logins, purchases, postings, form submissions, or account changes.
Anyone with the token may be able to access or control the user’s browser sessions, depending on the service’s permissions.
The skill requires an API token or key for the remote browser service. That is expected for this integration, but the query-string token option can expose credentials in URLs or logs.
Auth — Pass `Authorization: Bearer <token>` or `X-API-Key`, or `?access_token=<token>` ... `AC_API_KEY` ... secret: true
Prefer Authorization headers or secret environment variables over query-string tokens, use least-privilege tokens if available, and rotate tokens if they may have been logged.
Users must trust the remote service operator without much supporting provenance in the provided artifacts.
There is no local package to inspect and no listed homepage/source for the remote service. This is not proof of malicious behavior, but it limits provenance review for a service that handles sensitive browser activity.
Source: unknown; Homepage: none ... No code files present — this is an instruction-only skill.
Verify the service owner, privacy policy, and operational controls before using it with sensitive accounts or data.
A later task could inherit a previous browser session, including logged-in state or site context, and pages visited earlier could influence later automation.
Stored, resumable, and forkable browser sessions can carry cookies, login state, page state, or prior-task context into later tasks. The provided artifacts do not clearly state retention limits, deletion controls for stored sessions, or safeguards against reusing sensitive state unexpectedly.
Or restore — Use stored session from `GET /api/stored-sessions` ... Fork from stored session: `{"session_id": "my-fork", "from": "original-session"}` ... Connect via WebSocket to `/ws/{session_id}` to resume.
Use ephemeral sessions for sensitive work, avoid saving logged-in sessions unless necessary, and confirm there is a clear way to delete stored sessions and clear cookies.
Sensitive webpages, credentials typed into forms, screenshots, or account activity may pass through the remote service.
The remote browser provider can receive or expose webpage text, screenshots, framebuffer data, and input actions. The provided artifacts do not define data boundaries, tenant isolation, logging, or who operates the endpoint.
Base URL: `https://rb.all-completed.com` ... Exposes the accessibility tree, text extraction, Chrome screenshots, VNC-native screenshots ... Send VNC input
Do not use this skill with confidential sites or personal accounts unless you trust the provider and understand its storage, logging, and isolation guarantees.
