
      Safety Report

      Agent Browser - Stagehand

      @peytoncasper

      Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from websites, take screenshots, fill forms, click buttons, or interact with web applications.

      4,503 Downloads
      24 Installs
      4 Stars
      1 Version
      Workflow Automation 3,323 · CLI & Shell Tools 1,805 · Browser Automation 1,737 · Image Processing 1,559

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill's stated purpose (browser automation) is plausible, but its runtime instructions request and rely on undeclared credentials, persistent browser profiles/download folders, and global install steps — inconsistencies that could lead to unintended data exposure or system changes.

      Feb 11, 2026 · 4 files · 5 concerns

      Purpose & Capability: concern

      The skill claims to automate browsers (reasonable). However, the SKILL.md and setup.json expect ANTHROPIC_API_KEY and optionally Browserbase API keys (BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID) even though the registry metadata declares no required env vars/credentials. The skill also uses a persistent Chrome profile and download path, which are plausible for a browser tool but increase scope (session cookies, saved credentials). The declared requirements and the actual instructions do not match.

      Instruction Scope: concern

      Instructions tell the agent to run npm install and npm link (system-wide changes), to read/write a .env file and .chrome-profile, to save downloads to ./agent/downloads, and to use an external model (Anthropic) for action interpretation. The skill will therefore potentially transmit page content/DOM to a remote model and persist session cookies locally. The header also states automatic mode selection (local vs Browserbase) occurs without prompting, so presence of keys could silently change behavior to use remote infrastructure.

      Install Mechanism: note

      There is no formal install spec (instruction-only), which limits automated platform installation risk. But the runtime README explicitly instructs running 'npm install' and 'npm link' to create a global CLI — commands that modify the host environment and install dependencies from package manifests. That is expected for a CLI tool but means the agent or user will execute arbitrary package installs locally; provenance of those packages is not documented here.

      Credentials: concern

      The skill effectively requires ANTHROPIC_API_KEY (setup.json) and optionally Browserbase keys (SKILL.md) to enable remote model-driven actions and remote Browserbase scraping, but the registry metadata lists no required env vars. This mismatch is concerning: sensitive credentials are implicated but not declared. Additionally, persisting .chrome-profile can retain session cookies/credentials, expanding the data the tool can access.

      Persistence & Privilege: note

      The skill does not request always:true and does not modify other skills, which is fine. It does instruct creating a persistent Chrome profile (.chrome-profile), download and screenshot directories, and suggests npm link to install a global 'browser' command — these create persistent artifacts on disk and a global binary that alter the system environment. That behavior is plausible for a CLI but is a notable privilege/persistence footprint.

      Guidance

      This skill is coherent with a browser automation tool, but there are several red flags you should consider before installing or running it:

      - The registry says no credentials are required, but the included docs/setup.json expect ANTHROPIC_API_KEY and optionally Browserbase API keys. Treat those credentials as sensitive — if you provide them the tool may send page content and extracted data to remote services.
      - The skill recommends running 'npm install' and 'npm link', which will install dependencies and create a global 'browser' command. Only run those if you trust the package source; review package.json and dependency list first.
      - It uses a persistent Chrome profile (.chrome-profile) and saves downloads/screenshots to local folders. That will preserve cookies, sessions, and downloaded files — avoid using it on pages with sensitive accounts unless you understand and accept that persistence.
      - Mode selection is automatic: if Browserbase keys are present the tool will use remote infrastructure (stealth/proxy). If you don't want remote use, do not provide Browserbase credentials and remove any existing .env keys.
      - The tool refers to sending page data to an external LLM (Anthropic Claude). If you will visit pages containing secrets or PII, assume that data may be transmitted to the model provider.

      Recommended actions: inspect the package contents (package.json, src) before running npm install; run in an isolated/sandbox environment first; only provide API keys you trust and rotate them after testing; and avoid automating authenticated flows with sensitive accounts until you verify behavior and data flows.

      Latest Release

      v1.0.0

      - Initial release of the browser skill for Stagehand CLI
      - Automates web browser interactions using natural language commands via CLI
      - Automatically selects local Chrome or remote Browserbase environment based on configuration
      - Supports commands to navigate, interact, extract data, observe elements, take screenshots, and close browser
      - Includes setup instructions, troubleshooting tips, and mode comparison for local vs remote usage

      Published by @peytoncasper on ClawHub
