Skill v1.0.0
ClawScan security
Browserbase Persist with captcha · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 9:43 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is generally coherent with its stated purpose (managing Browserbase sessions) but has a few mismatches and privacy-sensitive defaults (session recording and automatic CAPTCHA solving), plus minor inconsistencies that warrant caution before installing.
- Guidance: This skill appears to implement exactly what it says, but it has privacy- and credential-related implications you should consider before installing:
  - Default behavior records every session and automatically solves CAPTCHAs. Recordings and solved login flows can capture sensitive credentials and page content. If you will log into accounts, disable recording and captcha solving (use the provided flags) or avoid using the skill for sensitive sites.
  - The script persists named context mappings to ~/.browserbase/contexts.json (or to a directory you set via BROWSERBASE_CONFIG_DIR). If that file or your machine is shared, contexts may reveal which accounts you used. Consider setting BROWSERBASE_CONFIG_DIR to a controlled directory with appropriate permissions.
  - The code may construct a connect WebSocket URL that includes your API key as a query parameter if the SDK doesn't supply one. Treat your BROWSERBASE_API_KEY as sensitive: store it in a secure place and rotate it if you suspect exposure.
  - Installation relies on pip and Playwright; installing Playwright downloads browser binaries. Only proceed if you trust the browserbase package and its dependencies. Review scripts/browserbase_manager.py before running, and run setup in an isolated environment (or container) first.
  - Minor inconsistencies: SKILL.md/metadata don't declare the optional BROWSERBASE_CONFIG_DIR env var and the registry lists no homepage/source; the required binary list mentions "uv", which is uncommon, so verify what that refers to in your environment.

  If you trust the Browserbase service and accept recorded sessions/captcha solving, the skill is functionally coherent. If you need stronger privacy or auditability, ask for changes (clear opt-in for recording/solver, explicit warnings, configurable local config path) or run the tool in an isolated environment and review all code before use.
Review Dimensions
- Purpose & Capability (ok): Name, README, SKILL.md, and the included CLI script all consistently implement Browserbase session creation, context persistence, navigation, screenshots, recordings, and captcha solving. The required env vars (BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID) are appropriate for a cloud browser API client.
- Instruction Scope (concern): The runtime instructions and the script enable recording every session by default and enable automatic CAPTCHA solving by default. These features can capture sensitive user credentials, page contents, and interactions. The script also constructs/uses a WebSocket connect URL that may include the API key as a query parameter (exposing the credential in a URL), and the setup command performs a full smoke test that creates a live session and navigates to a site — these are consistent with the purpose but are high-impact actions that should be explicitly authorized by the user. The SKILL.md does not clearly warn about the privacy implications of the default recording/solver behavior.
- Install Mechanism (note): There is no platform install spec (instruction-only + included Python script). Dependencies are installed via pip and Playwright per the docs (requirements.txt present). This is a common, moderate-risk approach: it requires the user to run pip and playwright install commands (no opaque remote downloads), but the user must trust the pip packages and run Playwright (which downloads browsers).
- Credentials (concern): Only two credentials are required (API key and project ID), which is proportionate to the stated capability. However: (1) the code also respects BROWSERBASE_CONFIG_DIR (not declared in requires.env), which lets the skill read/write a path under the user's home; (2) the script may include the API key in a constructed WebSocket URL if session.connect_url is missing, exposing the key in process args/URLs; and (3) the skill persists named contexts to disk (~/.browserbase/contexts.json) by default, storing context IDs that map to authentication state. These are reasonable for functionality but are sensitive and should be highlighted to users.
- Persistence & Privilege (note): The skill does not request always:true and does not modify other skills. It writes its own config file (~/.browserbase/contexts.json by default) and may create session recordings on the remote service (and allows downloading them). That is expected for session-management tooling but is a permanence/privacy consideration (local context file plus remote recordings).
