Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from websites, take screenshots, fill forms, click buttons, or interact with web applications.
Security Analysis
medium confidence
The skill's documentation describes browser automation but its runtime instructions and setup contradict the declared manifest (it expects API keys, tells the agent to read .env automatically, and instructs global npm install/link), which is disproportionate and could expose secrets or modify the host without clear justification.
Name/description claim simple browser automation. However the included docs reference requiring an ANTHROPIC_API_KEY and optional Browserbase keys (BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID) and an npm-installed CLI. The registry metadata declares no required env vars or binaries — that mismatch is unexplained. A legitimate CLI-based browser skill would reasonably need an API key for the model or Browserbase creds and a real install spec; the absence of those in the manifest is inconsistent.
SKILL.md instructs automatic environment selection by checking a .env file for Browserbase keys and says selection occurs with 'No user prompting', implying the agent should read local config without asking. It also instructs running `npm install` and `npm link` and to use a persistent Chrome profile (.chrome-profile/) and agent download folder, which involves reading/writing local files, persisting cookies/sessions, and creating a global command — all outside a minimal 'read-only browse' scope and potentially exposing sensitive data (API keys, session cookies).
There is no formal install spec in the registry, but SKILL.md/setup.json explicitly instructs `npm install` and `npm link`. That would modify disk and create a global binary. The skill bundle itself contains no code files or package manifest, so `npm install` may fail here — but the instructions still encourage installing arbitrary Node dependencies which is a high-risk action because it can fetch and run code from the network and alter the host environment.
The skill manifest claims no required env vars, yet the docs require/encourage ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID. The instructions tell the agent to check .env automatically. Requesting model API keys and remote service keys is plausible for AI-driven automation, but the lack of declaration in the registry and the automatic, non-interactive checking of local .env is disproportionate and risks accidental credential exposure or silent use of remote services.
The setup flow recommends `npm link` to create a global 'browser' command (system-wide change) and uses a persistent Chrome profile directory (.chrome-profile/) that preserves cookies and sessions between runs. The skill does not set always:true, but the instructions still request persistent artifacts and global CLI installation which increases blast radius and privacy risk if installed without inspection.
Guidance
Do not run the suggested setup steps blindly. Key warnings:
- Manifest vs docs mismatch: the registry says no env vars required but the docs expect ANTHROPIC_API_KEY and optional Browserbase keys. Treat those as sensitive secrets.
- The SKILL.md instructs reading a local .env automatically without prompting — that could expose API keys or other secrets. Ensure the agent is not allowed to read .env or other config files unless you explicitly permit it.
- The instructions recommend `npm install` and `npm link`, which will fetch and install Node packages and create a global command. Inspect any package.json and the source code first (and prefer not to run npm link globally) because this changes your system and can run arbitrary code.
- The tool preserves a Chrome profile directory and download folder; that can retain cookies, sessions, and downloaded files. If you install, isolate it (use a VM/container) and do not reuse your regular browser profile.
- Before installing, request the actual package source (package.json, package lock, and the CLI source). If you cannot review the code or provenance, avoid installing. Also prefer explicit prompts/consent for using remote Browserbase or model API keys rather than automatic selection.
Latest Release
v1.0.0
Initial release of browser automation skill for CLI.
- Automates web browser interactions using natural language commands via CLI.
- Automatically selects between local Chrome and remote Browserbase environments based on configuration (no user prompting).
- Provides commands for navigation, interacting with pages, data extraction, element discovery, screenshots, and browser closure.
- Supports both quick start usage and detailed troubleshooting guidance.
- Includes a table outlining feature differences between local and remote modes.
- Best practices and setup instructions clearly documented.
Published by @peytoncasper on ClawHub