Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
browserbase-sessions
v2.5.0
Create and manage persistent Browserbase cloud browser sessions with authentication persistence. Use when you need to automate browsers, maintain logged-in s...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description match the included Python CLI and SKILL.md: it manages Browserbase sessions, contexts, workspaces, and human handoffs. However, the package also bundles a Node script (dedication_automation.mjs) that automates external services (ChatGPT/Suno Hitmaker) using a Browserbase session — that expands functionality beyond pure session management. The extra automation is plausibly useful but broadens the skill's scope and credential needs.
Instruction Scope
SKILL.md instructs the agent to request BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID, install Python deps and Playwright, create sessions, share live remote-control links, run human handoffs, and fetch recordings/download archives. Those instructions are coherent for a Browserbase integration. They do, however, direct actions that can capture or transmit sensitive content (session recordings, downloaded files, cookies/localStorage) and that automatically solve CAPTCHAs — all expected for this functionality but privacy-sensitive. The instructions do not appear to ask the agent to read unrelated system files or exfiltrate secrets to unknown endpoints.
Install Mechanism
There is no remote arbitrary binary download in the skill bundle; installation is handled via pip (requirements.txt) and Playwright (which downloads browser binaries) and Node dependencies listed in package.json/pnpm-lock. These are standard registries (PyPI/npm packages, Playwright's browser downloads). No suspicious shorteners or personal servers are used in the provided files. Installing Playwright will download large browser binaries — expected but notable.
Credentials
Metadata declares a primaryEnv (BROWSERBASE_API_KEY) but registry 'required env vars' is empty; in reality the code and SKILL.md require both BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID (get_env is called for both). The Node automation script optionally references OPENAI_API_KEY / STAGEHAND_MODEL_API_KEY and CHATGPT_HITMAKER_URL — additional credentials that expand the blast radius. This mismatch between declared and actually-required env vars is a meaningful inconsistency that could lead to surprise credential prompts or misuse.
Persistence & Privilege
always:false and the skill does not request system-wide privileges. The CLI writes local state under a dedicated directory (~/.browserbase by default) for contexts, workspaces, and handoffs — expected behavior for persisting session/workspace metadata. It does not modify other skills' configs. Because autonomous invocation is allowed by default, be aware that the agent could autonomously create/start sessions if enabled; that is platform-normal but increases potential impact if you supply credentials.
What to consider before installing
What to consider before installing and enabling this skill:
- Credentials: You will need to provide BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID. The skill metadata only lists the API key, but the code requires the Project ID too — expect the agent to ask for both. The Node utility may optionally use OPENAI_API_KEY or other model/service keys if you run it.
- Local state and privacy: The skill stores contexts, workspaces, and handoff files in a directory under your home (default: ~/.browserbase). It also enables session recording, logging, and captcha solving by default. Session recordings, logs, cookies, localStorage and any downloaded files can contain sensitive data — review and disable recording/logging/captcha solving if you need stricter privacy.
- Install side-effects: Installation uses pip and Playwright. Playwright will download Chromium (large binary) and the Python packages from PyPI; the Node script depends on npm packages. Review requirements.txt and package.json if you prefer to vet packages before installation.
- Expanded scope: The included Node script (dedication_automation.mjs) automates third-party sites via a Browserbase session and may invoke LLM services. If you won't use that functionality, consider removing or isolating that file or running the skill in a sandboxed environment.
- Trust and least privilege: Only supply a Browserbase API key that you are willing to entrust to the agent, and consider using a dedicated project / limited-permission key if Browserbase supports scoped keys. If you must provide other service keys (OpenAI, custom GPT endpoints), prefer ephemeral or scoped credentials.
- Code review: If you are not comfortable installing immediately, review the provided scripts (browserbase_manager.py and dedication_automation.mjs) yourself or have someone audit them. Pay attention to any network calls (they target api.browserbase.com, which aligns with the skill) and file-write locations.
- Operational practice: Run the install/setup in a controlled environment (virtualenv/venv or container) so Playwright and dependencies don't affect the global Python environment. Disable recording/logging by default unless you need it.
If you want, I can:
- highlight the exact lines where environment variables are read and where recording/captcha/remote links are enabled,
- extract the list of third-party packages the skill will install,
- or show the filesystem paths the skill will write to so you can pre-create or sandbox them.
Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🌐 Clawdis
Bins: python3
Primary env: BROWSERBASE_API_KEY
