Agent Browser - Stagehand
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a browser-automation skill, but its install path is not reviewable and it can automatically use remote credentials and persistent login sessions.
Review this skill carefully before installing. Ask for the full source package and pinned install files, confirm whether it will run locally or on Browserbase, avoid logging into sensitive accounts until you trust the implementation, and clear `.chrome-profile/` after use if you do not want sessions preserved.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup could fail or could execute/link code that was not included in the reviewed artifact set.
The setup asks for package installation/building and a global command link, while the provided artifacts contain no package/source files or install spec for reviewing what would be installed or linked.
"1. Run: npm install (this will automatically build TypeScript)", "2. Run: npm link (this creates the global 'browser' command)"
Do not run npm install or npm link until the skill provides its package.json, lockfile, source code, and a declared install spec.
Browser sessions may run under a remote Browserbase account without the user realizing, potentially affecting account usage, billing, and data exposure.
The skill automatically uses account-backed Browserbase credentials from .env and switches to remote execution without prompting, despite metadata declaring no credentials or env vars.
If Browserbase API keys exist (BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID in .env file): Uses remote Browserbase environment ... No user prompting
Require explicit user approval before remote mode, declare Browserbase credentials in metadata, and provide a clear local-only option.
The skill could be used in ways that bypass website controls or violate site terms, especially when combined with automated clicks and extraction.
The remote mode is advertised with stealth/proxy/CAPTCHA support for production scraping, but the artifacts do not constrain this to authorized or policy-compliant use.
| Stealth mode | No | Yes | ... | Proxy/CAPTCHA | No | Yes | ... | Best for | Development | Production/scraping |
Use only on sites where automation is allowed, disable stealth/CAPTCHA features unless explicitly authorized, and require confirmation before submissions or account actions.
Future browser tasks may start already logged in, exposing private account pages or allowing unintended authenticated actions.
Persistent browser profiles can retain login cookies and other web state across tasks, but the artifacts do not define retention limits or a cleanup workflow.
This example uses Chrome's user profile (`.chrome-profile/`) which may preserve session cookies between runs.
Use separate temporary profiles for sensitive work, clear `.chrome-profile/` after use, and avoid entering important credentials unless you trust the implementation.
Sensitive page content, form text, or instructions could be involved in provider-mediated automation.
The skill relies on an external model/provider for browser actions; this is purpose-aligned, but users should understand that page context and requested actions may be processed outside the local browser.
Uses Stagehand's `page.act()` which leverages Claude Haiku 4.5
Review provider data-handling terms and avoid using the skill for sensitive logged-in pages unless the data flow is acceptable.
