Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Browser Stagehand
v1.0.0
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill claims to automate a browser via a 'browser' CLI. That purpose fits the instructions, but the package metadata says no required env vars, no binaries, and no install steps — while the SKILL.md and setup.json explicitly require ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY/BROWSERBASE_PROJECT_ID, and instruct npm install/npm link to create a global 'browser' command. Requiring an LLM API key and an optional remote Browserbase key is plausible for the described capability, but those credentials are not declared in the registry metadata — this mismatch is incoherent.
Instruction Scope
The runtime instructions tell the agent to automatically detect Browserbase keys from a .env file and switch between remote and local modes without user prompting, to launch Chrome with a persistent profile (.chrome-profile) and remote debugging on port 9222, to auto-download files into ./agent/downloads, and to preserve session cookies. These actions go beyond a simple CLI description and imply reading local .env, writing/using persistent browser profiles, and potentially sending page data to a remote service — all of which are sensitive behaviors not declared in the package metadata.
Install Mechanism
There is no install spec in the registry entry, yet SKILL.md/setup.json instruct the user to run 'npm install' and 'npm link' to create a global 'browser' command. The package provided here contains documentation files only (no package.json or source files listed), so the recommended install steps cannot be verified from the bundle. That is an inconsistency and raises risk: following npm install/npm link installs and runs code not present in this package snapshot unless obtained from elsewhere — the instructions should include explicit, verifiable install sources.
Credentials
The skill's docs require/encourage ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID, but the registry metadata declares no required env vars or primary credential. Requesting LLM API keys and a remote Browserbase project is plausible for AI-driven page interactions and remote execution, but those are sensitive credentials. The automatic, non-interactive decision to use a remote Browserbase when keys are present is surprising and could cause data to be sent externally without explicit confirmation.
Persistence & Privilege
The tool uses a persistent Chrome profile directory (.chrome-profile) and stores downloads in ./agent/downloads — the profile preserves cookies/sessions across runs and Chrome is launched with remote debugging enabled (port 9222). While persistence is coherent for browser automation, this grants ongoing access to local session data and opens a remote debugging port; combined with an automatic remote mode, this increases privacy and exfiltration risk if credentials or remote endpoints are misused. The skill does not request forced always-on privileges, but its suggested setup creates lasting artifacts on disk.
What to consider before installing
Do not run the suggested npm install/npm link or provide API keys until you verify the actual CLI source code and package.json. Specific things to check or ask the author before installing:
1) Provide the package.json and source (src/) so you can audit what npm will install and what the global 'browser' binary does.
2) Explain why ANTHROPIC_API_KEY and Browserbase keys are needed and declare them in registry metadata; confirm what data (pages, screenshots, extracted data) is sent to any remote service and where.
3) If you must test, do so in an isolated environment (VM/container) and avoid exporting real credentials; use throwaway accounts and network monitoring.
4) Be aware that the tool preserves a Chrome user-data directory (.chrome-profile) and saves downloads — this can expose cookies and local session data.
5) Prefer explicit user prompts before any remote execution; avoid automatic switching to remote mode based on a local .env file unless you trust the remote endpoint.
If the author can supply a coherent package (code + package.json) and update registry metadata to list required env vars, re-evaluate after reviewing the source.
Like a lobster shell, security has layers — review code before you run it.
