stealth-browser
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/task_runner.pyfile contains a utility functionrun_with_timeoutthat usessubprocess.runwithshell=True. While this is a common implementation for automation tasks and is used in a context where the agent already has shell access (via theBashtool), it is documented here as a pattern to be handled with care regarding the source of command strings. - [EXTERNAL_DOWNLOADS]: The skill utilizes well-known and reputable external resources and libraries for its operation. This includes installing automation frameworks like
DrissionPageandundetected-chromedriverfrom official registries, and interacting with established third-party services like 2Captcha, Anti-Captcha, and FlareSolverr for challenge resolution. All external interactions align with the skill's stated purpose. - [SAFE]: The skill implements security best practices for secret management by instructing users to provide API keys and proxy credentials in local configuration files (
~/.clawdbot/secrets/) rather than hardcoding them. The architecture follows a logical, modular design for browser session persistence and automation.
Audit Metadata