Plugin v1.8.15

ClawScan security

Camofox Browser · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 7:46 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The package and runtime instructions are internally consistent with an anti-detection headless browser server: required env vars, file reads, subprocesses, and telemetry are explained and usable for the described features, but a few user-facing risks (cookie import, default telemetry, large binary download) deserve attention before installing.
Guidance
This plugin appears to be what it claims, but review the following before installing:
- Cookie import: The camofox_import_cookies flow reads Netscape-format cookie files from ~/.camofox/cookies and will POST cookie data to the Camofox server. Only enable and set CAMOFOX_API_KEY if the server is truly local or access-controlled; otherwise you risk sending sensitive cookies to a remote process. The plugin documents path-traversal protection and a 5MB/500-cookie limit, but you should still validate workflows before importing real account cookies.
- Telemetry: Crash/hang telemetry is enabled by default and posts anonymized data to https://camofox-telemetry.askjo.workers.dev/report. If you prefer no outbound telemetry, set CAMOFOX_CRASH_REPORT_ENABLED=false or change CAMOFOX_CRASH_REPORT_URL to a self-hosted endpoint and review lib/reporter.js. The publisher claims domains are HMAC-hashed and no page content, cookies, IPs, or tokens are sent; read the reporter code if you need assurance.
- Binary download & subprocesses: Running the server will download a ~300MB Camoufox binary from GitHub releases (camoufox-js fetch) and spawn browser subprocesses (Camoufox) and optionally yt-dlp. Ensure you trust the Camoufox upstream and have sufficient disk/network resources.
- Network exposure: By default the server listens on localhost:9377. If you expose it externally, set CAMOFOX_ACCESS_KEY to require Bearer auth for routes. The README explicitly warns to only set sensitive keys when the server is local or access-controlled.
- Audit recommended files: If you want higher assurance, review lib/reporter.js (telemetry payload/anonymization), lib/cookies.js (cookie parsing and path handling), lib/launcher.js (process spawning), and any default endpoints in server.js. Also confirm any CI/workflow artifacts (Dockerfile, Makefile) meet your deployment policies.
Overall: internally coherent for its purpose; be cautious with cookie import and default telemetry settings and ensure proper access controls when running the server.

Review Dimensions

Purpose & Capability
ok: Name/description (anti-detection browser for AI agents) matches the included code and declared capabilities: a patched Firefox build (Camoufox) downloaded at runtime, REST API routes, cookie import, proxy support, VNC, and optional yt-dlp. The env vars declared (CAMOFOX_API_KEY, CAMOFOX_ACCESS_KEY, crash report toggles) align with features listed (cookie import gating, global access key, telemetry). No unrelated credentials or binaries are requested.
Instruction Scope
note: Runtime instructions and the plugin explicitly direct reading local cookie files under ~/.camofox/cookies for cookie import and instruct the agent to POST those cookies to the server (gated by CAMOFOX_API_KEY). That behaviour is consistent with the stated cookie-import feature, but it means local browser cookies can be read and transmitted to the server when cookie-import is used; ensure the server is local or access-controlled before enabling. The SKILL.md and README otherwise avoid vague 'gather context' instructions and scope subprocesses to launcher/plugins.
Install Mechanism
ok: The registry entry is instruction-only (no platform install spec). The package contains full source and relies on camoufox-js to download Camoufox binaries (~300MB) from GitHub releases; that is documented. Downloading a large trusted binary from GitHub releases is expected for this product. No opaque URL shorteners or personal servers are used for core runtime artifacts; telemetry endpoint is a Cloudflare Worker (configurable).
Credentials
note: Required env vars are optional and map to explicit features. CAMOFOX_API_KEY gates cookie import (sensible), CAMOFOX_ACCESS_KEY gates global API access (sensible). Telemetry is enabled by default and sends anonymized crash/hang reports to an external endpoint (default CAMOFOX_CRASH_REPORT_URL). The package documents opt-out (CAMOFOX_CRASH_REPORT_ENABLED=false) and self-host override. Cookie import will expose cookies if you enable it; only set CAMOFOX_API_KEY if the server is local or access-controlled.
Persistence & Privilege
ok: The skill does not request 'always: true'. It persists session profiles and optional traces under ~/.camofox/, which is consistent with session persistence and trace features. Plugins spawn subprocesses for Camoufox and optional yt-dlp in dedicated launcher modules. The skill does not modify other skills' configs or request system-wide privileges beyond its documented file paths.