Browserbase
Malicious
Audited by ClawScan on May 10, 2026.
Overview
The skill openly supports browser automation, but it also explicitly promotes bypassing CAPTCHAs, Cloudflare, and bot-detection using stealth browsers, residential proxies, and persistent sessions.
Do not install this skill for general use unless you have a legitimate, authorized need for Browserbase automation and are comfortable with its anti-bot, CAPTCHA-solving, proxy, and persistent-session capabilities. Avoid using it on third-party protected sites without explicit permission, and use dedicated credentials and disposable sessions for any remote browsing.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help bypass site protections and scrape sites that are trying to block automation, creating legal, account, or abuse risk.
This is a concrete workflow for evading a site's anti-bot protections rather than ordinary authorized browsing.
"Scrape pricing from competitor.com" ... "Cloudflare bot detection. Browserbase remote mode can bypass this with anti-bot stealth and residential proxies."
Use browser automation only on sites you own or are explicitly authorized to access; require explicit user approval and an authorization check before any stealth, CAPTCHA-solving, proxy, or protected-site scraping workflow.
If the browser logs into accounts, cookies or authenticated sessions may persist and be reused in later automation, including in cloud-hosted remote sessions.
Remote mode uses Browserbase account credentials and can preserve authenticated browser state, but the artifacts do not clearly define credential scope, cookie retention, or cleanup boundaries.
Optional: set BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID for remote Browserbase sessions ... Provides: anti-bot stealth, automatic CAPTCHA solving, residential proxies, session persistence ... cookies/auth persist across sessions
Use dedicated Browserbase projects and accounts, avoid logging into sensitive accounts unless necessary, clear sessions after use, and declare credential/session handling clearly in metadata and user prompts.
Installing the skill means trusting the external Browserbase CLI package and its updates.
The skill may install and run an external global npm package; this is expected for the CLI-based purpose, but the package code is not included in the submitted artifacts.
`which browse || npm install -g @browserbasehq/browse-cli`
Install from the official package source, prefer pinned versions where possible, and review the package provenance before use in sensitive environments.
The agent could run page-context JavaScript that reads or changes page state on sites you are logged into.
The CLI exposes JavaScript evaluation inside the visited page. That can be useful for browser automation, but it is a powerful capability if applied to authenticated or sensitive pages.
`eval <expression>` Evaluate JavaScript in the page context.
Only allow JavaScript evaluation for user-approved, clearly scoped tasks, and avoid using it on sensitive authenticated pages unless necessary.
Captured network logs may contain private content, identifiers, or authentication-related data from browsing sessions.
Network capture is explicit and user-enabled, but it can store request/response data locally, potentially including sensitive page data.
Capture network requests to the filesystem for inspection ... requests and responses are saved as JSON files ... `network clear`
Use network capture only when needed, avoid it on sensitive logged-in sessions, and run `browse network clear` after inspection.
