ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Fastest Browser Use

High-performance browser automation for heavy scraping, multi-tab management, and precise DOM extraction. Use this when you need speed, reliability, or advanced state management (cookies/local storage) beyond standard web fetching.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
40 · 11.8k · 70 current installs · 79 all-time installs
by@rknoche6
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The repository code, tools, and tests align with a Rust-based Chrome automation tool (headless_chrome, many navigation/extract tools, an MCP server). However the registry metadata claims no required env/install while SKILL.md explicitly lists an install (brew/cargo) and a required env CHROME_PATH. That mismatch is unexpected and unexplained. The presence of an MCP server and CLI is coherent with the stated purpose but increases functionality surface (remote/control channels).
!
Instruction Scope
SKILL.md contains normal automation recipes (navigate, snapshot, sitemap) but also recipes that explicitly describe bot-evasion ('human-emulation') and a 'Login & Cookie Heist' workflow that says to 'steal the session' (save/load session cookies). Those instructions are within scraping functionality but are dual-use and can enable account takeover or credential misuse if used improperly. SKILL.md also directs injecting JS into pages (normal for this tool) but does not ask to access unrelated system files or other environment secrets; however the wording encourages activities that may be unlawful or abusive.
Install Mechanism
SKILL.md recommends installing via a brew formula 'rknoche6/tap/fast-browser-use' (a third‑party tap) or via cargo 'fast-browser-use'. Using a personal brew tap is higher-risk than official taps; cargo install is typical but the Cargo.toml inside the repo names the crate 'browser-use' (inconsistent with 'fast-browser-use'), which could cause confusion or point to a different published package. The skill bundle includes full source, so installing from these third-party distribution channels should be verified before use.
!
Credentials
Registry metadata lists no required env vars, but SKILL.md declares CHROME_PATH as required and example envs like BROWSER_HEADLESS. The tool legitimately needs Chrome/Chromium and a path to it, so CHROME_PATH is reasonable — but the metadata/manifest mismatch is concerning and could lead to missing runtime requirements or unexpected prompts. No unrelated credentials are requested in the package, which is appropriate.
Persistence & Privilege
The skill does not request 'always: true' and model invocation is enabled by default (normal). The repository includes an MCP server (rmcp) binary which, if run, exposes a programmatic control surface for models/clients; this is coherent with the advertised AI-driven automation but expands the attack surface and means you should be careful about exposing the MCP server to untrusted networks or allowing autonomous invocation without restrictions.
What to consider before installing
This skill appears to implement a capable Rust-based Chrome automation tool, but there are multiple red flags you should check before installing or enabling it for autonomous use: - Metadata vs SKILL.md mismatch: The registry claims no env/install but SKILL.md requires CHROME_PATH and lists brew/cargo installers. Confirm the actual runtime requirements (Chrome/Chromium installation and CHROME_PATH) before use. - Verify install sources: SKILL.md points at a third-party brew tap (rknoche6/tap) and a cargo package name that may not match the repo. Only install from sources you trust — inspect the brew tap and crates.io package page, and prefer building from the included source if you can audit it. - Session-saving recipe: The README explicitly shows saving/loading session files and uses wording like 'steal the session'. That is dual-use — it is useful for legitimate automation but can be abused to hijack accounts. Do not use session import/export on accounts you do not own. Treat saved session files (auth.json) as sensitive data. - Bot-evasion features: 'Human-emulation' and jitter to bypass detection are provided. These enable scraping of protected sites and may violate terms of service or laws — only use in compliance with site policies and applicable law. - MCP server exposure: If you run the included mcp-server, avoid exposing it to untrusted networks or allowing unreviewed autonomous agents to call it. It provides programmatic control of a browser and could be abused if reachable. Recommended actions before installing: - Inspect the included source for any outbound network calls or hidden endpoints (the bundled files appear to be local code only, but verify). Run a quick grep for unexpected URLs or telemetry. - Verify the brew tap and cargo package identities on their official hosting pages (GitHub releases, crates.io) and ensure they match this repo's author. - Consider building locally from the provided source and running it in a sandboxed environment (container or VM). - Do not enable autonomous invocation or expose the MCP server until you have validated behavior and trust the author. If you want, I can: (a) list commands to locally build and run the tool in a container, (b) search the repository for network endpoints/telemetry strings, or (c) help craft sandboxing/runbook instructions for safe testing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.5
Download zip
latestvk97bgdnn72699rx9r211re5wyh80a2q4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Fastest Browser Use

A Rust-based browser automation engine that provides a lightweight binary driving Chrome directly via CDP. It is optimized for token-efficient DOM extraction, robust session management, and speed.

Terminal Demo

🧪 Recipes for Agents

1. Bypass "Bot Detection" via Human Emulation

Simulate mouse jitter and random delays to scrape protected sites.

fast-browser-use navigate --url "https://protected-site.com" \
  --human-emulation \
  --wait-for-selector "#content"

2. The "Deep Freeze" Snapshot

Capture the entire DOM state and computed styles for perfect reconstruction later.

fast-browser-use snapshot --include-styles --output state.json

3. Login & Cookie Heist

Log in manually once, then steal the session for headless automation.

Step 1: Open non-headless for manual login

fast-browser-use login --url "https://github.com/login" --save-session ./auth.json

Step 2: Reuse session later

fast-browser-use navigate --url "https://github.com/dashboard" --load-session ./auth.json

4. 🚜 Infinite Scroll Harvester

Extract fresh data from infinite-scroll pages — perfect for harvesting the latest posts, news, or social feeds.

# Harvest headlines from Hacker News (scrolls 3x, waits 800ms between)
fast-browser-use harvest \
  --url "https://news.ycombinator.com" \
  --selector ".titleline a" \
  --scrolls 3 \
  --delay 800 \
  --output headlines.json

Real output (59 unique items in ~6 seconds):

[
  "Genode OS is a tool kit for building highly secure special-purpose OS",
  "Mobile carriers can get your GPS location",
  "Students using \"humanizer\" programs to beat accusations of cheating with AI",
  "Finland to end \"uncontrolled human experiment\" with ban on youth social media",
  ...
]

Works on any infinite scroll page: Reddit, Twitter, LinkedIn feeds, search results, etc.

5. 📸 Quick Screenshot

Capture any page as PNG:

fast-browser-use screenshot \
  --url "https://example.com" \
  --output page.png \
  --full-page  # Optional: capture entire scrollable page

6. 🗺️ Sitemap & Page Structure Analyzer

Discover how a site is organized by parsing sitemaps and analyzing page structure.

# Basic sitemap discovery (checks robots.txt + common sitemap URLs)
fast-browser-use sitemap --url "https://example.com"

# Full analysis with page structure (headings, nav, sections)
fast-browser-use sitemap \
  --url "https://example.com" \
  --analyze-structure \
  --max-pages 10 \
  --max-sitemaps 5 \
  --output site-structure.json

Options:

  • --analyze-structure: Also extract page structure (headings, nav, sections, meta)
  • --max-pages N: Limit structure analysis to N pages (default: 5)
  • --max-sitemaps N: Limit sitemap parsing to N sitemaps (default: 10, useful for large sites)

Example output:

{
  "base_url": "https://example.com",
  "robots_txt": "User-agent: *\nSitemap: https://example.com/sitemap.xml",
  "sitemaps": ["https://example.com/sitemap.xml"],
  "pages": [
    "https://example.com/about",
    "https://example.com/products",
    "https://example.com/contact"
  ],
  "page_structures": [
    {
      "url": "https://example.com",
      "title": "Example - Home",
      "headings": [
        {"level": 1, "text": "Welcome to Example"},
        {"level": 2, "text": "Our Services"}
      ],
      "nav_links": [
        {"text": "About", "href": "/about"},
        {"text": "Products", "href": "/products"}
      ],
      "sections": [
        {"tag": "main", "id": "content", "role": "main"},
        {"tag": "footer", "id": "footer", "role": null}
      ],
      "main_content": {"tag": "main", "id": "content", "word_count": 450},
      "meta": {
        "description": "Example company homepage",
        "canonical": "https://example.com/"
      }
    }
  ]
}

Use this to understand site architecture before scraping, map navigation flows, or audit SEO structure.

⚡ Performance Comparison

FeatureFast Browser Use (Rust)Puppeteer (Node)Selenium (Java)
Startup Time< 50ms~800ms~2500ms
Memory Footprint15 MB100 MB+200 MB+
DOM ExtractZero-CopyJSON SerializeSlow Bridge

Capabilities & Tools

Vision & Extraction

  • vision_map: Returns a screenshot overlay with numbered bounding boxes for all interactive elements.
  • snapshot: Capture the raw HTML snapshot (YAML/Markdown optimized for AI).
  • screenshot: Capture a visual image of the page.
  • extract: Get structured data from the DOM.
  • markdown: Convert the current page content to Markdown.
  • sitemap: Analyze site structure via robots.txt, sitemaps, and page semantic analysis.

Navigation & Lifecycle

  • navigate: Visit a specific URL.
  • go_back / go_forward: Traverse browser history.
  • wait: Pause execution or wait for specific conditions.
  • new_tab: Open a new browser tab.
  • switch_tab: Switch focus to a specific tab.
  • close_tab: Close the current or specified tab.
  • tab_list: List all open tabs.
  • close: Terminate the browser session.

Interaction

  • click: Click elements via CSS selectors or DOM indices.
  • input: Type text into fields.
  • press_key: Send specific keyboard events.
  • hover: Hover over elements.
  • scroll: Scroll the viewport.
  • select: Choose options in dropdowns.

State & Debugging

  • cookies: Manage session cookies (get/set).
  • local_storage: Manage local storage data.
  • debug: Access console logs and debug information.

Usage

This skill is specialized for complex web interactions that require maintaining state (like being logged in), handling dynamic JavaScript content, or managing multiple pages simultaneously. It offers higher performance and control compared to standard fetch-based tools.

Files

69 total
Select a file
Select a file to preview.

Comments

Loading comments…