Gemini Computer Use

Review

Audited by ClawScan on May 1, 2026.

Overview

This skill appears to do what it says—run a Gemini-powered Playwright browser agent—but users should understand it sends browser screenshots to Gemini and can automate clicks, typing, and navigation.

This skill is reasonable for its stated purpose, but use it carefully: run it in a virtual environment and sandboxed browser profile, avoid sensitive logged-in sessions unless necessary, keep the turn limit small, use --exclude to block unwanted actions, and remember that visible page content can be sent to Gemini.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may interact with web pages on the user's behalf, including clicking buttons or entering text, within the configured turn limit.

Why it was flagged

The script supports model-driven browser actions including navigation, clicking, typing, key presses, and drag-and-drop. This is central to the skill's purpose, but it can affect websites the browser can access.

Skill content

"navigate", "click_at", "type_text_at", "key_combination", "drag_and_drop"

Recommendation

Run it in a sandboxed or test browser profile, avoid sensitive logged-in accounts unless intended, use --exclude for actions you do not want, and keep turn limits low.

What this means

Anything visible in the browser screenshot, plus the current URL, may be sent to Gemini during the automation loop.

Why it was flagged

The agent sends the current page URL and screenshots as function responses to the Gemini provider. This is disclosed by the workflow and required for Computer Use, but page contents may include sensitive information.

Skill content

payload = {"url": current_url} ... mime_type="image/png", data=screenshot_bytes

Recommendation

Use test accounts or non-sensitive pages where possible, and do not run the agent on private, financial, medical, or confidential pages unless you accept that data sharing.

What this means

The skill needs access to a Gemini API key, which may incur usage or billing under the user's Google account.

Why it was flagged

The script requires a Gemini API key, while the registry metadata declares no required env vars or primary credential. The credential use is expected for the Gemini integration, and the artifacts do not show key logging or unrelated use.

Skill content

api_key = os.getenv("GEMINI_API_KEY") ... "Missing GEMINI_API_KEY. Export it before running."

Recommendation

Declare GEMINI_API_KEY in the skill metadata, keep the key in the environment rather than files or prompts, and use a key/account appropriate for this automation.

What this means

Installation depends on whatever package and browser versions are resolved at install time.

Why it was flagged

The user-directed setup installs live package versions and downloads a browser runtime without pinned versions or a lockfile. This is normal for a quick-start browser automation skill, but users should notice the dependency/provenance choice.

Skill content

pip install google-genai playwright
playwright install chromium

Recommendation

Install in a virtual environment, prefer pinned versions or a lockfile for repeatable use, and review dependency sources before using it in sensitive environments.