Midscene Automations Skills for Browser with Bridge
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill can control your logged-in Chrome browser through an external automation tool, so it should be reviewed carefully before use.
Install only if you are comfortable letting this skill operate your real Chrome browser. Prefer a separate browser profile or test account, avoid sensitive sites, verify the Midscene npm package and model provider, and require confirmation before any action that submits, purchases, posts, deletes, or changes account data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to view account data and take actions on websites as the logged-in user.
The skill operates through the user's authenticated Chrome profile, giving automation access to websites where the user is already logged in.
connects to the user's desktop Chrome browser via the Midscene Chrome Extension, preserving cookies, sessions, and login state
Use a separate Chrome profile or test account, close unrelated logged-in tabs, and require explicit confirmation before any account-changing action.
A mistaken or overbroad prompt could cause clicks, form submissions, purchases, posts, or other web changes in the user's browser.
The automation command can perform broad multi-step browser actions from a single natural-language prompt, with no visible scoping or confirmation rule for sensitive submissions.
It autonomously handles all UI interactions internally — clicking, typing, scrolling, hovering, waiting, and navigating — so you should give it complex, high-level tasks as a whole
Limit tasks to clearly specified sites and actions, and add a user confirmation step before submitting forms, making purchases, deleting data, posting content, or changing account settings.
Sensitive information visible in the browser could be included in screenshots used for model-based automation.
The skill's screenshot-driven workflow depends on a configured vision model provider, so screenshots of logged-in pages may be processed by that provider.
Operates entirely from screenshots ... Midscene requires models with strong visual grounding capabilities ... MIDSCENE_MODEL_API_KEY ... MIDSCENE_MODEL_BASE_URL
Review the chosen model provider's privacy policy and avoid using the skill on pages containing sensitive personal, financial, medical, or confidential business information unless acceptable.
Users are trusting the external Midscene npm package to handle browser access and model credentials safely.
The skill delegates execution to an external npm package invoked by `npx`; this is central to the skill, but the package code is not part of the reviewed artifacts and the version range can float within major version 1.
npx @midscene/web@1 --bridge <subcommand> [args]
Install only from a trusted npm registry, consider pinning an exact reviewed package version, and verify the Midscene package/source before using it with logged-in browser sessions.