Browserbase
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: browse
Version: 2.0.2
The skill bundle provides a legitimate interface for browser automation using the '@browserbasehq/browse-cli'. It includes comprehensive documentation (SKILL.md, REFERENCE.md) for navigating, interacting with, and extracting data from web pages via local Chrome or the Browserbase remote service. While it possesses high-privilege capabilities like JavaScript evaluation and network capture, these are standard for browser automation and are presented transparently without evidence of malicious intent or prompt-injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could help bypass site protections and scrape sites that are trying to block automation, creating legal, account, or abuse risk.
This is a concrete workflow for evading a site's anti-bot protections rather than ordinary authorized browsing.
"Scrape pricing from competitor.com" ... "Cloudflare bot detection. Browserbase remote mode can bypass this with anti-bot stealth and residential proxies."
Use browser automation only on sites you own or are explicitly authorized to access; require explicit user approval and an authorization check before any stealth, CAPTCHA-solving, proxy, or protected-site scraping workflow.
If the browser logs into accounts, cookies or authenticated sessions may persist and be reused in later automation, including in cloud-hosted remote sessions.
Remote mode uses Browserbase account credentials and can preserve authenticated browser state, but the artifacts do not clearly define credential scope, cookie retention, or cleanup boundaries.
Optional: set BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID for remote Browserbase sessions ... Provides: anti-bot stealth, automatic CAPTCHA solving, residential proxies, session persistence ... cookies/auth persist across sessions
Use dedicated Browserbase projects and accounts, avoid logging into sensitive accounts unless necessary, clear sessions after use, and declare credential/session handling clearly in metadata and user prompts.
Installing the skill means trusting the external Browserbase CLI package and its updates.
The skill may install and run an external global npm package; this is expected for the CLI-based purpose, but the package code is not included in the submitted artifacts.
`which browse || npm install -g @browserbasehq/browse-cli`
Install from the official package source, prefer pinned versions where possible, and review the package provenance before use in sensitive environments.
The agent could run page-context JavaScript that reads or changes page state on sites you are logged into.
The CLI exposes JavaScript evaluation inside the visited page. That can be useful for browser automation, but it is a powerful capability if applied to authenticated or sensitive pages.
`eval <expression>` Evaluate JavaScript in the page context.
Only allow JavaScript evaluation for user-approved, clearly scoped tasks, and avoid using it on sensitive authenticated pages unless necessary.
Captured network logs may contain private content, identifiers, or authentication-related data from browsing sessions.
Network capture is explicit and user-enabled, but it can store request/response data locally, potentially including sensitive page data.
Capture network requests to the filesystem for inspection ... requests and responses are saved as JSON files ... `network clear`
Use network capture only when needed, avoid it on sensitive logged-in sessions, and run `browse network clear` after inspection.
