Browse
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill’s browser-automation purpose is clear, but it delegates broad website and login-session control to an unprovided external `browse` command with limited scoping and provenance.
Install only if you trust the `browse` CLI that will actually run on your system. Use narrow instructions, test accounts, and trusted sites; confirm before submissions, uploads, purchases, account changes, or public actions; and wipe or close browser sessions after authenticated use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on logged-in or sensitive sites, the agent could submit forms, click destructive controls, upload files, or otherwise change account state unless the user gives very clear limits.
The skill exposes a broad browser-control tool through a Bash wildcard and describes high-impact actions such as filling forms and clicking buttons, without explicit approval boundaries for sensitive website actions.
Use when the user needs to interact with websites, including navigating pages, filling forms, clicking buttons... or automating any browser task. ... allowed-tools: Bash(browse:*)
Use only with explicit, narrow instructions. Require confirmation before submitting forms, changing account settings, making purchases, posting publicly, uploading files, or taking irreversible actions.
A user cannot verify from these artifacts which `browse` binary will run or whether it safely handles browser data, cookies, files, and web actions.
The skill depends on executing a `browse` CLI, but the supplied artifacts provide no installation source or reviewed implementation for that executable. The registry also lists the source as unknown and lists no homepage.
No install spec — this is an instruction-only skill.
Before installing, verify the exact `browse` executable on PATH, its publisher, version, and installation source. Prefer a package with reviewed code or a pinned trusted dependency.
Browser sessions could let the agent continue acting as the user on logged-in sites, and saved auth-state files could expose account access if mishandled.
The skill explicitly handles web login/session material and can save or load auth state, but the artifacts do not define which credentials are used, where auth files are stored, or how cleanup is enforced.
Session state (cookies, localStorage, auth tokens) persists across commands within a session. ... Auth | login --env <name>, auth-state save/load <path>
Use test accounts where possible, avoid saving auth state unless necessary, store auth files securely, and run `wipe` or close sessions after sensitive browsing.
A browser daemon or session could remain available after the immediate task, carrying cookies or page state.
The daemon behavior is disclosed and purpose-aligned for performance, but it means browser automation state may remain active beyond a single command.
`browse` is a CLI that wraps Playwright behind a persistent daemon on a Unix socket.
Use documented cleanup commands such as `quit`, `wipe`, or session close when finished, especially after authenticated browsing.
If a webhook is used, page/test data or reports may leave the local environment and be sent to the specified endpoint.
The skill supports sending flow or healthcheck results to a user-provided webhook. This is disclosed and likely purpose-aligned, but the destination and report contents are not bounded in the artifact.
flow <name> ... --webhook <url> ... healthcheck ... --webhook <url>
Only use trusted webhook URLs and avoid webhook reporting for sensitive pages unless you have reviewed what data will be sent.
