Trust Assessment
stealth-browser received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis reported 20 findings: 12 critical, 3 high, 4 medium, 0 low, and 1 informational. The headline findings are network egress to untrusted endpoints (one `requests` POST/PUT rule firing at ten call sites in solve_captcha.py), arbitrary command execution (`subprocess.run(shell=True)` in task_runner.py), and the `requests` import itself in three scripts.
The analysis covered four layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. Manifest Analysis scored lowest at 0/100: eleven of the twelve critical findings come from that layer (the ten egress detections plus the shell execution at task_runner.py:88), and the twelfth is the LLM layer's command-injection finding on the same `run_with_timeout` function. The egress rule keys on the request pattern rather than on a confirmed destination, so each flagged call should be checked against the host it actually contacts (presumably the CAPTCHA-solver API that captcha.json configures) before it is treated as an exfiltration path, which is what the finding's own recommendation asks for. No findings are attributed to the Dependency Graph layer.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (20)
Findings from the same rule at several locations are grouped on one row; the Location column lists every flagged line.

| Severity | Finding | Detail | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | Python `requests` POST/PUT to a URL; the same rule fires at ten call sites. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/mayuqi-crypto/stealth-browser/scripts/solve_captcha.py:70, :106, :123, :156, :173, :230, :250, :267, :301, :317 |
| CRITICAL | Arbitrary command execution | Python shell execution (`os.system`, `subprocess`). | Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/mayuqi-crypto/stealth-browser/scripts/task_runner.py:88 |
| CRITICAL | Command injection via `subprocess.run(shell=True)` | `run_with_timeout` in `scripts/task_runner.py` calls `subprocess.run` with `shell=True`. If its `cmd` argument can be influenced by untrusted input (user input, a task configuration file), that is a direct command injection allowing arbitrary shell commands to run. | Do not use `shell=True`; pass the command and its arguments as a list, e.g. `subprocess.run(['command', 'arg1', 'arg2'])`. If `shell=True` is strictly necessary, `cmd` must be fully sanitized and unreachable from untrusted input. | LLM | scripts/task_runner.py:100 |
| HIGH | Dangerous call: `subprocess.run()` | Call to `subprocess.run()` in function `run_with_timeout`; this can execute arbitrary code. | Avoid functions such as `exec`, `eval` and `os.system`; use safer alternatives. | Static | skills/mayuqi-crypto/stealth-browser/scripts/task_runner.py:88 |
| HIGH | Plaintext storage of API keys and proxy credentials | `SKILL.md` tells users to store CAPTCHA-solver API keys in `~/.clawdbot/secrets/captcha.json` and proxy configurations in `~/.clawdbot/secrets/proxies.json` as plaintext JSON, read by `scripts/solve_captcha.py` and `scripts/proxy_rotate.py`. This is the intended design, but plaintext credentials on disk are exposed if the home directory or the host is compromised. | Use environment variables, a secrets manager (HashiCorp Vault, AWS Secrets Manager) or an encrypted local store. If a local file is unavoidable, enforce strict permissions (`chmod 600`) and encrypt the contents at rest. | LLM | SKILL.md:78 |
| HIGH | Data exfiltration via sensitive URL logging | `scripts/smart_login.py` logs each login attempt, including the full URL, to `~/.clawdbot/browser-sessions/attempts.json`. If the target site's login flow carries authentication tokens, temporary passwords or other PII in the query string or path, those values land in a plaintext local log. | Sanitize URLs before logging: remove or redact sensitive query parameters and path segments, or log only the host or a hash of the URL when the full URL is not needed. Restrict the log file's permissions. | LLM | scripts/smart_login.py:20 |
| MEDIUM | Suspicious import: `requests` | The `requests` module provides network access; in skill code it can indicate data exfiltration. | Verify the import is necessary. | Static | skills/mayuqi-crypto/stealth-browser/scripts/: cf_bypass.py:9, proxy_rotate.py:10, solve_captcha.py:9 |
| MEDIUM | JavaScript injection via unescaped localStorage values | `scripts/stealth_session.py` and `scripts/solve_captcha.py` embed `localStorage` values in JavaScript with f-strings (e.g. `localStorage.setItem('{k}', '{v}');`) without escaping single quotes. A saved value containing `'` (from a malicious site, or tampered with in the session file) terminates the literal and runs arbitrary JavaScript in the browser context when the session is loaded or a token is injected. | Escape every value embedded in JavaScript. For `localStorage.setItem`, pass the value through `json.dumps()` so quotes and special characters are handled, as `scripts/login_session.py` already does; escape the `token` in `solve_captcha.py` the same way before injection. | LLM | scripts/stealth_session.py:140 |
| INFO | Unpinned dependencies in setup instructions | `SKILL.md` installs dependencies with `npm install -g` and `pip install` without exact versions (e.g. `puppeteer-extra`, `undetected-chromedriver`, `DrissionPage`). Future installs may pull incompatible, buggy or malicious versions if a package is compromised or changes. | Pin every dependency (`pip install package==1.2.3`, `npm install -g package@1.2.3`) and use a `requirements.txt` for Python and a `package.json` with a lockfile for Node.js so installs are deterministic. | LLM | SKILL.md:70 |
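The command-injection finding on `run_with_timeout` and its fix are easier to judge with both forms side by side. This added example is not the skill's task_runner.py: it contains a hypothetical `run_with_timeout_unsafe` that reproduces the flagged `shell=True` pattern and a hardened `run_with_timeout` that takes an argv list, then runs the same attacker-shaped value through both. `ECHO_SCRIPT` run under `sys.executable` stands in for whatever task the runner would launch, so the demonstration needs only a POSIX shell and Python.

```python
import subprocess
import sys


def run_with_timeout_unsafe(cmd: str, timeout: float = 10.0) -> str:
    """The flagged pattern: the whole command is a string handed to /bin/sh.

    Anything in `cmd` that the shell treats specially (`;`, `|`, `$(...)`,
    backticks) becomes part of the command line, so data turns into code.
    Hypothetical reproduction of the pattern, not the skill's code.
    """
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True,
                          timeout=timeout)
    return proc.stdout


def run_with_timeout(argv: list[str], timeout: float = 10.0) -> str:
    """Hardened form: argv list, no shell, so each element is one literal argument.

    Returns stdout. A non-zero exit raises CalledProcessError and a hang
    raises TimeoutExpired, instead of returning partial output silently.
    """
    if not argv or not all(isinstance(a, str) for a in argv):
        raise ValueError("argv must be a non-empty list of strings")
    proc = subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=timeout, check=True)
    return proc.stdout


# A tiny stand-in task: print the first argument it receives.
ECHO_SCRIPT = "import sys; print(sys.argv[1])"


def demo(user_value: str) -> tuple[str, str]:
    """Run the same user-controlled value through both forms and return both outputs."""
    # Vulnerable: the value is interpolated into a shell command line.
    unsafe = run_with_timeout_unsafe(
        f'{sys.executable} -c "{ECHO_SCRIPT}" {user_value}'
    )
    # Hardened: the value is a single argv element and is never parsed by a shell.
    safe = run_with_timeout([sys.executable, "-c", ECHO_SCRIPT, user_value])
    return unsafe, safe


if __name__ == "__main__":
    payload = "job1; echo INJECTED"
    unsafe_out, safe_out = demo(payload)
    print("shell=True ->", repr(unsafe_out))   # 'job1\nINJECTED\n'
    print("argv list  ->", repr(safe_out))     # 'job1; echo INJECTED\n'
```

With `shell=True` the `;` ends the Python command and the shell runs `echo INJECTED` as a second command; with the argv form the same text arrives in `sys.argv[1]` as one inert string. If a task really has to be a shell pipeline, `shlex.quote` on every interpolated value is the minimum, but the list form removes the problem rather than patching it.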
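The plaintext-credentials finding accepts that a local file may be unavoidable and asks for `chmod 600` at minimum. The guard below is an added example, not the skill's loader: it resolves a credential from the environment first and only then from a JSON file, and it refuses the file unless it is a regular file owned by the current user with no group or world permission bits. `write_and_load` exercises the guard in a temporary directory so nothing under `~/.clawdbot` is touched; the `CAPTCHA_API_KEY` variable name and the `api_key` field are assumptions for the demonstration.

```python
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Mapping, Optional


def load_secret_file(path: Path) -> dict:
    """Parse a JSON secrets file only if it is safe to trust its contents.

    Requires a regular file (lstat, so a symlink planted in the secrets
    directory is rejected rather than followed), owned by the current user,
    with mode 0600 or stricter. This does not make plaintext storage safe;
    it refuses the common mistake of a file created with a 0644 umask result.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError(f"{path}: not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise PermissionError(f"{path}: not owned by the current user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{path}: mode {stat.S_IMODE(st.st_mode):04o} is group/world "
            "accessible; expected 0600"
        )
    return json.loads(path.read_text(encoding="utf-8"))


def get_credential(name: str, env_var: str, path: Optional[Path],
                   environ: Mapping[str, str] = os.environ) -> str:
    """Resolve a credential: environment variable first, locked-down file second."""
    value = environ.get(env_var)
    if value:
        return value
    if path is None:
        raise KeyError(f"{name}: neither {env_var} nor a secrets file is configured")
    data = load_secret_file(path)
    if name not in data:
        raise KeyError(f"{name}: missing from {path}")
    return data[name]


def write_and_load(secret: dict, mode: int) -> str:
    """Demo: write a secrets file with `mode`, then try to load it.

    Returns 'ok' or 'rejected' so the guard can be checked without
    touching the real ~/.clawdbot directory.
    """
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "captcha.json"
        p.write_text(json.dumps(secret), encoding="utf-8")
        os.chmod(p, mode)
        try:
            load_secret_file(p)
            return "ok"
        except PermissionError:
            return "rejected"


if __name__ == "__main__":
    print("0644:", write_and_load({"api_key": "k"}, 0o644))   # rejected
    print("0600:", write_and_load({"api_key": "k"}, 0o600))   # ok
    print(get_credential("api_key", "CAPTCHA_API_KEY", None,
                         environ={"CAPTCHA_API_KEY": "from-env"}))
```

The ownership and symlink checks matter on shared hosts: a 0600 file the caller does not own, or a symlink into it, passes a naive mode check but not this one.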
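The URL-logging finding asks for redaction of sensitive query parameters, or a host-only or hashed record when the full URL is not needed. The functions below are an added example, not the skill's smart_login.py: `redact_url` strips userinfo and the fragment and replaces the value of any sensitive-looking query parameter, and `attempt_record` builds the kind of entry a login script could write instead of the raw URL. The parameter-name lists are a constructed starting point, not a complete inventory.

```python
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names redacted outright. Constructed list; extend per target.
SENSITIVE_PARAMS = {
    "token", "access_token", "id_token", "refresh_token", "code",
    "password", "pass", "pwd", "otp", "session", "sessionid", "sid",
    "key", "api_key", "apikey", "auth", "signature", "sig",
}
# Any parameter whose name contains one of these fragments is redacted too.
SENSITIVE_FRAGMENTS = ("token", "secret", "passw", "session", "auth")


def redact_url(url: str) -> str:
    """Return a loggable form of `url`.

    Drops userinfo (user:pass@) and the fragment, keeps scheme, host, port
    and path, and replaces the value of every sensitive query parameter
    with REDACTED while leaving harmless parameters readable.
    """
    p = urlsplit(url)
    host = p.hostname or ""
    if ":" in host:            # bare IPv6 literal: restore the brackets
        host = f"[{host}]"
    netloc = f"{host}:{p.port}" if p.port else host
    pairs = []
    for key, value in parse_qsl(p.query, keep_blank_values=True):
        k = key.lower()
        if k in SENSITIVE_PARAMS or any(f in k for f in SENSITIVE_FRAGMENTS):
            value = "REDACTED"
        pairs.append((key, value))
    return urlunsplit((p.scheme, netloc, p.path, urlencode(pairs), ""))


def attempt_record(url: str, username: str, success: bool) -> dict:
    """Build the record a login script could write instead of the raw URL.

    The full URL survives only as a SHA-256, so repeated attempts against
    the same URL can be correlated without the original value in the log.
    """
    return {
        "host": urlsplit(url).hostname,
        "url": redact_url(url),
        "url_sha256": hashlib.sha256(url.encode("utf-8")).hexdigest(),
        "username": username,
        "success": success,
    }


if __name__ == "__main__":
    # Constructed sample: userinfo, a token and a fragment all present.
    sample = "https://alice:hunter2@app.example.test/login?user=alice&token=abc123&next=%2Fhome#frag"
    print(redact_url(sample))
    # https://app.example.test/login?user=alice&token=REDACTED&next=%2Fhome
    print(attempt_record(sample, "alice", False))
```

Path segments are left alone here because a generic rule cannot tell a session id in the path from an ordinary resource name; if a target is known to put tokens in the path, the log for that target should keep only the host, which `attempt_record` already records separately.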
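The localStorage finding describes a value from a saved session being interpolated into a single-quoted JavaScript literal, and recommends `json.dumps()` as the fix. This added example (not the skill's stealth_session.py or login_session.py) shows the flagged pattern next to the escaped form, builds a complete restore script from a saved dict, and includes a check for values that would change the boundary of an unescaped literal. `js_string` goes slightly beyond `json.dumps` alone by also escaping `<`, which only matters if the statement is ever placed inside an inline script tag.

```python
import json


def set_item_unsafe(key: str, value: str) -> str:
    """The flagged pattern: raw f-string interpolation into a single-quoted JS literal."""
    return f"localStorage.setItem('{key}', '{value}');"


def js_string(value: str) -> str:
    """Encode `value` as a JavaScript string literal that cannot terminate early.

    json.dumps emits a double-quoted literal with quotes, backslashes and
    control characters escaped; ensure_ascii additionally escapes U+2028 and
    U+2029, which JavaScript treats as line terminators. '<' is escaped so
    the literal stays inert even inside an inline <script> block. Every JSON
    string literal is also a valid JavaScript string literal.
    """
    return json.dumps(value, ensure_ascii=True).replace("<", "\\u003c")


def set_item_safe(key: str, value: str) -> str:
    """The hardened statement: both key and value pass through js_string."""
    return f"localStorage.setItem({js_string(key)}, {js_string(value)});"


def restore_local_storage(items: dict[str, str]) -> str:
    """Emit one script that replays a saved localStorage dict safely."""
    return "\n".join(set_item_safe(k, v) for k, v in items.items())


def interpolation_is_unsafe(value: str) -> bool:
    """True if `value` would alter the boundaries of an unescaped '...' literal.

    A quote or line terminator ends the literal early; a backslash can
    swallow the closing quote or change the meaning of the next character.
    """
    return any(ch in value for ch in ("'", "\\", "\n", "\r", "\u2028", "\u2029"))


if __name__ == "__main__":
    # Constructed payload shaped like a tampered session-file value.
    payload = "x'); alert(document.cookie); //"
    print(set_item_unsafe("theme", payload))
    # localStorage.setItem('theme', 'x'); alert(document.cookie); //');
    print(set_item_safe("theme", payload))
    # localStorage.setItem("theme", "x'); alert(document.cookie); //");
    print(restore_local_storage({"theme": payload, "lang": "en"}))
```

In the unsafe output the payload's `')` closes the `setItem` call, `alert(document.cookie)` runs as its own statement, and `//` comments out the original tail; in the escaped output the whole payload is the second argument's string value. The same `js_string` should wrap the CAPTCHA `token` before it is injected, since that value comes from a third-party service.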
[Full report](https://skillshield.io/report/9d6a022011c61006)