Browse 2.0.2
v1.0.0Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
⭐ 1· 118·0 current·0 all-time
byOthniel su@radical7vii
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required binary 'browse', and the install (npm package @browserbasehq/browse-cli) align with a CLI browser-automation tool. The SKILL.md repeatedly documents local Chrome vs a Browserbase remote service, which is coherent with the stated capability. Minor note: the skill expects a local Chrome/Chromium for local mode but does not declare the browser binary as a required system dependency.
Instruction Scope
Instructions limit the agent to running the browse CLI and describe page navigation, snapshotting, clicking, typing, network capture to disk, and optional remote sessions. They do encourage escalation to a remote Browserbase service for bypassing bot protection and CAPTCHA solving — this is within the skill's browsing/scraping scope but increases privacy/abuse risk (e.g., scraping protected sites). The instructions do not ask the agent to read unrelated files or environment variables beyond the optional Browserbase keys.
Install Mechanism
Install uses an npm package (@browserbasehq/browse-cli) which will create the browse binary — this is a standard, traceable mechanism but carries the usual npm risk surface (post-install scripts, arbitrary code executed at install/run). No downloads from untrusted URLs or archive extracts are present.
Credentials
No required environment variables are declared. The SKILL.md documents two optional env vars (BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID) that are directly relevant to enabling remote Browserbase sessions; requiring those keys would be proportionate for remote operation. Be aware that supplying those keys hands browsing activity and session persistence to the third‑party service.
Persistence & Privilege
The skill does not request 'always: true' and is user-invocable. The browse CLI runs a background daemon that persists across commands and (if remote) the Browserbase service offers session persistence — this is expected for a browser tool but means cookies/session state and captured network files may persist until you explicitly stop/clear them.
Assessment
This skill appears to do what it says: it installs a CLI (via npm) and runs browser automation commands. Before installing: (1) verify the npm package name and publisher (@browserbasehq) and review the package repository and maintainers; (2) be cautious installing global npm CLIs (they run code on your machine and may include postinstall scripts); (3) understand that switching to remote Browserbase mode requires giving API keys to a third-party service which will see your browsing activity and may persist sessions/cookies — only provide those keys if you trust the provider and understand its privacy/terms; (4) local mode requires Chrome/Chromium present (ensure that dependency); (5) avoid using remote mode to scrape sites where you lack permission — there are legal and ethical risks; (6) stop the daemon and clear captured network data when finished (use `browse stop` and `browse network clear`).Like a lobster shell, security has layers — review code before you run it.
latestvk974t3q0t99ct6agsc3pxjr7hx83vaxs
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsbrowse
Install
Node
Bins: browse
npm i -g @browserbasehq/browse-cli