Stealth Browser
by The Zealot · GitHub · v1.0.0
715 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw: /install xthezealot-stealth-browser
Description
Access websites with advanced bot protection to fetch HTML, screenshots, PDFs, or multiple pages in parallel using isolated browser contexts.
Usage Guidance
This skill appears to do what it claims (stealth browsing), but there are a few practical risks you should weigh before installing:
- Command-injection risk: The skill constructs shell commands by inserting user-provided URLs/arguments directly into execSync calls. If untrusted input reaches those args, it could be abused to run arbitrary shell commands. Ask the author to properly escape/avoid shell interpolation or run the child process with execFile/spawn and argument arrays.
- Auto-install side-effect: onLoad runs 'npm install' in the skill directory, which will fetch many packages from the public npm registry and place them on disk. That means code is pulled and executed at load time — consider running this in an isolated environment or vetting the package-lock.json and packages first.
- Sandbox flags: The browser is launched with --no-sandbox and --disable-setuid-sandbox. Those flags are often required in certain environments but reduce process isolation; avoid running this on a high-value host or run inside a hardened container.
- Filesystem and network access: The skill writes output to /tmp and performs arbitrary network requests to target sites (including sites behind bot protections). Ensure this behavior is acceptable for your environment and that you are not violating terms of service or local policies.
Recommendations: only use in an isolated VM/container, review/verify package-lock.json or run npm install in an offline/vetted mirror, request the author to fix unsafe execSync usage (use argument arrays or escaping), and confirm you are comfortable with automatic dependency installation and running Chromium with the provided flags.
Capability Analysis
Type: OpenClaw Skill
Name: xthezealot-stealth-browser
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability in `index.js`. User-provided URLs are directly concatenated into a command executed via `child_process.execSync` without proper sanitization. This allows an attacker to inject arbitrary shell commands, leading to potential Remote Code Execution (RCE) on the host system. For example, a crafted URL like `https://example.com; rm -rf /` could execute `rm -rf /`. While the core functionality of a 'stealth browser' is benign, this severe input sanitization flaw makes the skill highly risky, even though there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence) by the skill's developer.
Capability Assessment
Purpose & Capability
Name, README, SKILL.md, package.json and code all consistently implement a headless browser that tries to evade bot-detection (playwright-extra + stealth plugin). Requesting no env vars and no exotic system access is coherent; it does expect a system Chromium at /usr/bin/chromium as documented.
Instruction Scope
Runtime code (index.js -> execSync -> stealth-browser.js) executes arbitrary navigation to URLs provided by users and writes screenshots/PDFs to /tmp. The runBrowser command constructs a shell command by interpolating args directly into execSync without escaping — this creates a risk of shell/command injection if input is not strictly validated. The onLoad hook will also run 'npm install' in the skill directory, which is an automatic side-effect not described in SKILL.md.
Install Mechanism
There's no declared install spec, but index.js's onLoad automatically runs 'npm install' if node_modules is missing. That will download and install many dependencies from the public npm registry (package-lock.json lists many packages). Using npm is expected here, but automatic installation at skill load time increases risk because new code is fetched/executed in the agent environment without an explicit install step.
Credentials
The skill declares no required environment variables or credentials and the code doesn't access external credentials. It does require network access to fetch target websites and filesystem write access to /tmp for screenshots/PDFs; those are proportional to its stated functionality.
Persistence & Privilege
The `always` flag is false, and the skill does not request system-wide settings or modify other skills. The onLoad npm install behavior gives it the ability to modify its own directory (create node_modules), which is typical for Node-based skills but worth noting.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install xthezealot-stealth-browser
- After installation, invoke the skill by name or use /xthezealot-stealth-browser
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Frequently Asked Questions
What is Stealth Browser?
Access websites with advanced bot protection to fetch HTML, screenshots, PDFs, or multiple pages in parallel using isolated browser contexts. It is an AI Agent Skill for Claude Code / OpenClaw, with 715 downloads so far.
How do I install Stealth Browser?
Run "/install xthezealot-stealth-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Stealth Browser free?
Yes, Stealth Browser is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Stealth Browser support?
Stealth Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Stealth Browser?
It is built and maintained by The Zealot (@xthezealot); the current version is v1.0.0.