← Back to Skills Marketplace
neothelobster

Ghost Browser

by Neo The Lobster · GitHub ↗ · v1.0.4
cross-platform ⚠ suspicious
514
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install neo-stealth-browser
Description
Automated Chrome browser using nodriver for AI agent web tasks. Full CLI control with LLM-optimized commands — text-based interaction, markdown output, sessi...
Usage Guidance
This skill mostly does what it says (Chrome automation using nodriver), but there are packaging and install inconsistencies and it will store session cookies and profiles locally. Before installing: 1) Review the full Python script (scripts/stealth_browser.py) for any network endpoints or unexpected behavior you don't trust. 2) Do not run setup.sh blindly — it installs packages and attempts to make a CLI executable but references a non-existent path (scripts/ghost-browser), indicating a broken package. 3) Consider running the skill in an isolated environment (VM/container) or test account to avoid exposing real credentials. 4) If you plan to persist sessions, be aware cookies/localStorage are stored under ~/.openclaw/... and can contain sensitive tokens. 5) Prefer skills with an identifiable source/homepage or official releases; if you need this capability, request a corrected package (matching filenames and a clear install spec) or a signed release from the author.
Capability Analysis
Type: OpenClaw Skill Name: neo-stealth-browser Version: 1.0.4 The OpenClaw AgentSkills skill bundle 'neo-stealth-browser' is classified as suspicious due to its powerful capabilities that, while intended for legitimate browser automation and anti-bot evasion, pose significant risks if misused. Key indicators include the `eval` command in `scripts/stealth_browser.py` and `SKILL.md`, allowing arbitrary JavaScript execution within the browser context. Additionally, the skill supports downloading files from arbitrary URLs (`_handle_download` in `stealth_browser.py`) and installing/loading Chrome extensions (`cmd_install_extension`, `_handle_load_extension`), which could be exploited to fetch and execute malicious payloads or install compromised browser extensions. While the skill's documentation and code include defensive prompt injection and transparency regarding data storage, these powerful primitives, combined with advanced anti-detection techniques (e.g., mouse event patching, human-like clicks, reCAPTCHA evasion), elevate the risk profile to suspicious, as they could facilitate sophisticated attacks if the agent is compromised or given malicious instructions.
Capability Assessment
Purpose & Capability
The name/description align with what the files implement: a Python-based Chrome automation daemon using nodriver. Required binaries (python3, Chrome/Chromium) and a pip dependency on nodriver are appropriate. However the package shows signs of sloppy packaging: _meta.json version differs from registry metadata, and the repo/source/homepage are unknown — reducing traceability.
Instruction Scope
SKILL.md instructs the agent to use the local ghost-browser CLI for navigation, element interaction, and session save/load. The runtime instructions stay within the stated purpose (browser automation). They do direct the agent to persist and restore sessions (cookies/localStorage), which will store authentication state locally — expected for this functionality but sensitive.
Install Mechanism
The registry declares no install spec, but repository includes setup.sh and requirements.txt that create a venv and pip-install nodriver. That mismatch is an inconsistency. The setup.sh also tries to chmod +x a script path (scripts/ghost-browser) that does not appear in the file manifest (the provided script is scripts/stealth_browser.py), which likely means the packaged setup is broken or mismatched. Because the skill executes local Python and installs packages, you should not run setup scripts without review.
Credentials
No environment variables or external credentials are requested. The code writes state, profiles, logs, cookies and session files into ~/.openclaw/... which is proportional to a browser automation tool but means the skill will store potentially sensitive cookies/auth tokens on disk under the user's account.
Persistence & Privilege
The skill does persist state (profiles, sessions, cookies) to the user's home directory. It is not force-included (always:false) and does not request elevated system privileges, but persistence of session cookies/localStorage increases the sensitivity of what is stored locally and the blast radius if the skill were compromised.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install neo-stealth-browser
  3. After installation, invoke the skill by name or use /neo-stealth-browser
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.4
Fix Chrome requirement in requires.bins, setup.sh references ghost-browser consistently, extension renamed to cdp-input-fix, removed old stealth-browser CLI wrapper
v1.0.3
Fix Chrome requirement in requires.bins, setup.sh references ghost-browser consistently, extension renamed from turnstile-patch to cdp-input-fix, removed old stealth-browser CLI wrapper
v1.0.2
Fix Chrome requirement, naming consistency, extension rename
v1.0.1
Removed mcporter.json auto-modification for security
v1.0.0
Initial release — undetected Chrome browser with LLM-optimized commands, bypasses Cloudflare/DataDome/hCaptcha
Metadata
Slug neo-stealth-browser
Version 1.0.4
License
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is Ghost Browser?

Automated Chrome browser using nodriver for AI agent web tasks. Full CLI control with LLM-optimized commands — text-based interaction, markdown output, sessi... It is an AI Agent Skill for Claude Code / OpenClaw, with 514 downloads so far.

How do I install Ghost Browser?

Run "/install neo-stealth-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ghost Browser free?

Yes, Ghost Browser is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Ghost Browser support?

Ghost Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ghost Browser?

It is built and maintained by Neo The Lobster (@neothelobster); the current version is v1.0.4.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments