Is highxshell/next-browser safe?

https://github.com/openclaw/skills/tree/main/skills/highxshell/next-browser

Overall score: 76 (CAUTION)

The highxshell/next-browser skill is a cloud browser automation wrapper for the Nextbrowser commercial service. The skill itself contains no malicious code and cloned cleanly with no unexpected network behavior. However, it is explicitly designed to enable coordinated inauthentic behavior — its canonical example demonstrates fake social media voting and comment fabrication using CAPTCHA bypass and residential proxies — and it unconditionally mandates skipping plan approval for all browser tasks, removing a key human oversight mechanism. The combination of stored credentials, always-autonomous execution, stealth browsing infrastructure, and identity obfuscation via residential proxies makes this a high-risk tool for abuse despite the absence of traditional malware indicators.

Category Scores

Prompt Injection 62/100 · 30%
Data Exfiltration 68/100 · 25%
Code Execution 96/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 35/100 · 5%

Findings (6)

HIGH Unconditional skip_plan_approval removes user oversight -20

The skill mandates that all browser automation tasks are submitted with skip_plan_approval: true, unconditionally bypassing the subagent's built-in plan review step. This means users cannot review what the autonomous browser agent is about to do before it acts on their logged-in accounts.

HIGH Primary use case is social media astroturfing -30

The canonical example task demonstrates automated fake social media engagement — fabricating votes and authentic-sounding comments at scale. This is the 'primary use' per the skill's own description, framing coordinated inauthentic behavior as a feature.

HIGH CAPTCHA bypass and browser stealth explicitly advertised -20

The skill markets 'CAPTCHA solving capability' and 'browser stealth' as features, which are exclusively useful for circumventing platform security controls and bot-detection systems. This positions the skill as a fraud-enablement tool.

MEDIUM User credentials and session data stored on third-party infrastructure -17

Authentication credentials and browser cookies are stored on Nextbrowser's servers and reused autonomously. Surrendering credentials to a third-party commercial service creates supply-chain risk for the user.

MEDIUM Hardcoded behavioral directives override agent and user preferences -18

The skill contains two unconditional behavioral overrides — always use fast mode, always skip plan approval — that remove user agency over how the agent operates.

MEDIUM Residential proxy spoofing obscures agent attribution -10

Routing autonomous browser actions through residential proxies with geolocation spoofing makes it impossible to attribute harmful actions to their origin, defeating platform safety and legal accountability.