Stagehand Browser CLI
Review
Audited by ClawScan on May 10, 2026.
Overview
This is a plausible browser automation skill, but it asks users to trust an unprovided CLI and can automatically use remote browser credentials while retaining session data.
Review carefully before installing. Ask for the full source package and dependency lockfile, avoid running npm install/npm link from this artifact alone, choose local vs remote mode explicitly, do not enter sensitive credentials unless you trust the implementation, and clean up .chrome-profile plus screenshot/download directories after use.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running setup could modify the user's Node/global command environment or cause the agent to invoke an unreviewed browser command.
These setup steps install and globally link a CLI, but the submitted skill has no reviewed source/package files or install spec for that command.
"Run: npm install (this will automatically build TypeScript)", "Run: npm link (this creates the global 'browser' command)"
Do not run the setup until the full source, package manifest, dependency lockfile, and install spec are supplied and trusted.

Browsing activity may run through a remote Browserbase account and consume or expose account-backed browser sessions without an explicit per-task mode choice.
The skill can detect Browserbase credentials in a .env file and choose the remote browser account automatically, while the registry metadata declares no credentials or environment variables.
"If Browserbase API keys exist ... Uses remote Browserbase environment" ... "No user prompting"
Require explicit user confirmation before remote mode, declare the Browserbase credentials in metadata, and remove those keys when local-only browsing is intended.

Users could run automations that get accounts flagged, violate site rules, or perform scraping they did not intend to route through a remote anti-detection environment.
The remote mode is positioned for stealth/proxy/CAPTCHA-supported scraping, which is broader than ordinary browser assistance and may bypass site controls.
"Stealth mode | No | Yes" ... "Proxy/CAPTCHA | No | Yes" ... "Best for | Development | Production/scraping"
Use only on sites where automation is authorized, avoid stealth/CAPTCHA/proxy features unless explicitly needed, and confirm before scraping or submitting forms.

A vague action could click, type, or submit something unintended on a real website.
AI-selected browser actions are central to the skill and disclosed, but the documentation acknowledges ambiguous instructions can act on the wrong page element.
"Supports: clicking, typing, selecting, scrolling, waiting, hovering" and "Without specificity it might succeed on the wrong element!"
Use observe and screenshots before sensitive actions, and require explicit confirmation for login, purchase, deletion, posting, or form-submission steps.

If the user logs into a site, later runs may still be authenticated and able to act in that account.
The skill uses a persistent browser profile, so authenticated sessions can remain available to later browser automation.
"This example uses Chrome's user profile (`.chrome-profile/`) which may preserve session cookies between runs."
Use a dedicated profile for this skill, log out of sensitive sites, and delete .chrome-profile when session persistence is not desired.

Screenshots, downloads, or cached page analysis from sensitive sites may remain on disk and be reused or viewed later.
The skill writes browsing artifacts and enables caching, which may retain private page content or downloaded files after the task.
"Screenshots: `./agent/browser_screenshots/`", "Downloads: `./agent/downloads/`", and "enableCaching: true"
Regularly clear the screenshot, download, cache, and profile directories, especially after working with private or authenticated pages.
