High-performance browser automation for heavy scraping, multi-tab management, and precise DOM extraction. Use this when you need speed, reliability, or advanced state management (cookies/local storage) beyond standard web fetching.
Security Analysis
medium confidenceThe skill's code and README mostly match a browser-automation tool, but there are several inconsistencies (install/env metadata vs SKILL.md) and explicit instructions that enable session capture and bot-evasion that warrant caution before installing or granting autonomous use.
The repository code, tools, and tests align with a Rust-based Chrome automation tool (headless_chrome, many navigation/extract tools, an MCP server). However the registry metadata claims no required env/install while SKILL.md explicitly lists an install (brew/cargo) and a required env CHROME_PATH. That mismatch is unexpected and unexplained. The presence of an MCP server and CLI is coherent with the stated purpose but increases functionality surface (remote/control channels).
SKILL.md contains normal automation recipes (navigate, snapshot, sitemap) but also recipes that explicitly describe bot-evasion ('human-emulation') and a 'Login & Cookie Heist' workflow that says to 'steal the session' (save/load session cookies). Those instructions are within scraping functionality but are dual-use and can enable account takeover or credential misuse if used improperly. SKILL.md also directs injecting JS into pages (normal for this tool) but does not ask to access unrelated system files or other environment secrets; however the wording encourages activities that may be unlawful or abusive.
SKILL.md recommends installing via a brew formula 'rknoche6/tap/fast-browser-use' (a third‑party tap) or via cargo 'fast-browser-use'. Using a personal brew tap is higher-risk than official taps; cargo install is typical but the Cargo.toml inside the repo names the crate 'browser-use' (inconsistent with 'fast-browser-use'), which could cause confusion or point to a different published package. The skill bundle includes full source, so installing from these third-party distribution channels should be verified before use.
Registry metadata lists no required env vars, but SKILL.md declares CHROME_PATH as required and example envs like BROWSER_HEADLESS. The tool legitimately needs Chrome/Chromium and a path to it, so CHROME_PATH is reasonable — but the metadata/manifest mismatch is concerning and could lead to missing runtime requirements or unexpected prompts. No unrelated credentials are requested in the package, which is appropriate.
The skill does not request 'always: true' and model invocation is enabled by default (normal). The repository includes an MCP server (rmcp) binary which, if run, exposes a programmatic control surface for models/clients; this is coherent with the advertised AI-driven automation but expands the attack surface and means you should be careful about exposing the MCP server to untrusted networks or allowing autonomous invocation without restrictions.
Guidance
This skill appears to implement a capable Rust-based Chrome automation tool, but there are multiple red flags you should check before installing or enabling it for autonomous use: - Metadata vs SKILL.md mismatch: The registry claims no env/install but SKILL.md requires CHROME_PATH and lists brew/cargo installers. Confirm the actual runtime requirements (Chrome/Chromium installation and CHROME_PATH) before use. - Verify install sources: SKILL.md points at a third-party brew tap (rknoche6/tap) and a cargo package name that may not match the repo. Only install from sources you trust — inspect the brew tap and crates.io package page, and prefer building from the included source if you can audit it. - Session-saving recipe: The README explicitly shows saving/loading session files and uses wording like 'steal the session'. That is dual-use — it is useful for legitimate automation but can be abused to hijack accounts. Do not use session import/export on accounts you do not own. Treat saved session files (auth.json) as sensitive data. - Bot-evasion features: 'Human-emulation' and jitter to bypass detection are provided. These enable scraping of protected sites and may violate terms of service or laws — only use in compliance with site policies and applicable law. - MCP server exposure: If you run the included mcp-server, avoid exposing it to untrusted networks or allowing unreviewed autonomous agents to call it. It provides programmatic control of a browser and could be abused if reachable. Recommended actions before installing: - Inspect the included source for any outbound network calls or hidden endpoints (the bundled files appear to be local code only, but verify). Run a quick grep for unexpected URLs or telemetry. - Verify the brew tap and cargo package identities on their official hosting pages (GitHub releases, crates.io) and ensure they match this repo's author. - Consider building locally from the provided source and running it in a sandboxed environment (container or VM). - Do not enable autonomous invocation or expose the MCP server until you have validated behavior and trust the author. If you want, I can: (a) list commands to locally build and run the tool in a container, (b) search the repository for network endpoints/telemetry strings, or (c) help craft sandboxing/runbook instructions for safe testing.
Latest Release
v1.0.5
- Added a new sitemap tool for discovering and analyzing website structure. - Introduced the `sitemap` command with options for basic sitemap discovery and advanced page structure analysis. - Updated documentation with usage examples and sample output for the new sitemap feature.
Popular Skills
Published by @rknoche6 on ClawHub
