v1.0.0

Fast Browser Use Local

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:08 AM.

Analysis

This is a real local browser automation tool, but it explicitly promotes anti-bot evasion and saves/reuses login cookies, so it should be reviewed carefully before use.

Guidance: Install only if you specifically need local Chrome automation and trust the source. Use it only on sites and accounts where you have permission, avoid the anti-bot and protected-scraping recipes, keep Chrome sandboxing enabled where possible, protect or delete saved cookie/session files, and prefer local stdio MCP operation over unauthenticated HTTP/SSE.

Findings (7)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
SKILL.md
### 1. Bypass "Bot Detection" via Human Emulation
Simulate mouse jitter and random delays to scrape protected sites.

The skill explicitly tells agents to evade anti-bot controls and scrape protected sites, which is materially riskier than ordinary user-directed browsing or DOM extraction.

User impact: An agent using this skill could be directed into unauthorized scraping or site-policy violations.
Recommendation: Use only on sites where you have permission, avoid anti-bot evasion workflows, and require explicit user approval before scraping protected or authenticated sites.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
src/bin/cli.rs
let options = LaunchOptions::default().sandbox(false);

The CLI launches Chrome with the sandbox disabled in visible command paths while navigating to arbitrary web pages, and this is not clearly disclosed as a safety tradeoff.

User impact: If the browser visits a malicious page, disabling the browser sandbox can increase the potential local-system impact.
Recommendation: Keep the Chrome sandbox enabled by default, document any need to disable it, and require an explicit user choice for sandbox-off operation.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
### 3. Login & Cookie Heist
Log in manually once, then steal the session for headless automation.

The wording normalizes session theft and could lead users or agents to underestimate the sensitivity of saved authentication cookies.

User impact: Users may treat risky cookie reuse as a harmless convenience even though it can grant account access.
Recommendation: Reframe the documentation around explicit, authorized session export; warn users that cookie files are sensitive credentials.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: Medium | Status: Note
skills.yaml
permissions:
  - network
  - filesystem
main: index.js
runtime: node

This metadata describes a Node runtime and index.js entry point, while the supplied implementation is Rust-based and the manifest does not list an index.js file.

User impact: Installers or users may be confused about which artifact is actually executed, increasing supply-chain and provenance uncertainty.
Recommendation: Verify the package source, entry point, and installed binary before use; keep registry metadata aligned with the actual Rust CLI/MCP implementation.

Unexpected Code Execution
Severity: Low | Confidence: Medium | Status: Note
src/tools/convert_to_markdown.js
var loadReadability = new Function(

The static scan detected dynamic JavaScript execution used for page conversion; this appears purpose-aligned for browser automation but still requires trust in the bundled scripts and invocation context.

User impact: Injected JavaScript can read or transform page content in the active browser context.
Recommendation: Use the tool only in trusted browsing workflows and review bundled JavaScript before using it with sensitive authenticated pages.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
src/bin/cli.rs
struct SessionData {
    cookies: Vec<headless_chrome::protocol::cdp::Network::Cookie>,
...
let cookies = session.get_cookies()?;
...
fs::write(&save_session, json)?;

The CLI saves browser cookies to a file and can later load them as an authenticated session, which is high-impact account/session authority.

User impact: A saved cookie file may allow access to logged-in accounts if copied, exposed, or reused unintentionally.
Recommendation: Only save sessions for accounts you control, store cookie files securely, delete them when finished, and avoid using broad personal or work browser profiles.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
src/bin/mcp_server.rs
Transport::Sse ... Transport::Http ... let bind_addr = format!("127.0.0.1:{}", cli.port);

The MCP server can expose browser-control tools over local HTTP/SSE transports; it binds to localhost, but the artifacts do not show an authentication layer.

User impact: While the server is running, another local process or agent could potentially connect and drive the browser through the exposed MCP endpoint.
Recommendation: Prefer stdio transport when possible, keep HTTP/SSE bound to localhost, stop the server when not in use, and add authentication if exposing it beyond a trusted local environment.