BrowserOS CLI

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed BrowserOS browser-automation wrapper, but it can control a real browser and install external tooling, so sensitive actions should be supervised.

This skill appears coherent and purpose-aligned for browser automation. Before installing, be comfortable with BrowserOS CLI controlling a real browser, and supervise actions that submit forms, affect accounts, upload files, delete history/bookmarks, or use JavaScript eval. Install the external BrowserOS CLI/app only from sources you trust.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If used on sensitive websites, the agent could click buttons, type into forms, submit data, upload files, or change browser resources as part of a task.

Why it was flagged

The skill exposes a broad browser-control CLI that can perform website actions, upload/download files, and manage browser resources. This is central to the stated purpose, but it is powerful.

Skill content

allowed-tools: Bash(browseros-cli *) ... clicking elements, filling forms, submitting data ... upload <id> <file> ... bookmark ... history

Recommendation

Use it only for intended browser tasks and require confirmation before logins, purchases, posts, deletions, file uploads, or other irreversible actions.

What this means

The agent may be able to act as you on websites you are logged into or where you provide login details.

Why it was flagged

The documentation shows automating login/form submission in a real browser. The artifacts do not show credential theft or storage, but actions may occur under the user's active web identity or supplied credentials.

Skill content

Control a real Chromium browser via `browseros-cli` ... `browseros-cli fill 11 "password123"` ... `browseros-cli click 15`

Recommendation

Avoid granting it unsupervised access to sensitive accounts, and review each account-changing step before it is submitted.

What this means

Installing the skill's runtime depends on external BrowserOS/npm code that was not part of this artifact review.

Why it was flagged

The setup instructions install an external npm package globally and download the BrowserOS app, while the reviewed artifacts contain no implementation code or pinned install spec.

Skill content

npm install -g browseros-cli ... browseros-cli install

Recommendation

Install only from the official BrowserOS/npm sources you trust, and consider pinning or reviewing the CLI version in controlled environments.

What this means

JavaScript execution could read or change page state if used on a sensitive page.

Why it was flagged

The CLI supports running JavaScript in the browser page. SKILL.md says to avoid eval unless no simpler command works, so this is disclosed and discouraged rather than hidden.

Skill content

`eval "<js>"` | `browseros-cli eval "document.title"` | Run JavaScript

Recommendation

Prefer `text`, `snap`, `links`, or scoped extraction commands; use `eval` only when necessary and on pages you trust.

What this means

The agent could view or alter private browsing history and bookmarks if a task uses those commands.

Why it was flagged

Browser history and bookmarks are persistent user context. The CLI can list, search, and delete history and list or modify bookmarks.

Skill content

`history recent` | Recent history ... `history search <q>` ... `history delete-range` ... `bookmark list` | List all bookmarks

Recommendation

Use history/bookmark commands only when needed, and avoid running them in a browser profile that contains sensitive personal or work browsing data unless you intend that access.