Browserless Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its browser-automation purpose, but it can expose typed form secrets in logs and agent output, so it should be reviewed before use.
Install only if you are comfortable giving the agent broad browser-control abilities. Avoid using it for passwords, tokens, or confidential forms until the type_text logging/return behavior is fixed, and use a trusted or self-hosted Browserless service for sensitive browsing.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Secrets or private form entries typed through the skill could be exposed in OpenClaw logs or model-visible action results.
The skill logs and returns the exact text typed into web forms. If used for passwords, API tokens, account details, or personal data, those values may enter logs and the agent transcript instead of being redacted.
print(f"Typing '{text}' into selector: {selector}", file=sys.stderr) ... return {"status": "success", "action": "type_text", "selector": selector, "text": text}
Do not use this skill for passwords or sensitive form values unless logging and return values are redacted. The skill should mask typed text, omit it from action results, and avoid printing form contents to stderr.
If used on an authenticated or sensitive website, the agent could submit forms, upload selected files, or make account-affecting changes.
The skill exposes actions that can submit forms, upload files, click controls, and alter request behavior. These capabilities match the stated automation purpose but are high impact on real sites.
Form Automation: Type text, click buttons, select options, upload files ... Network Control: Intercept requests, modify headers, block resources
Use explicit user confirmation for submissions, uploads, purchases, account changes, and authenticated actions. Prefer domain allowlists or read-only workflows for scraping tasks.
JavaScript run on a logged-in page may read page-visible data, change forms, trigger requests, or alter local browser state.
The skill intentionally supports running JavaScript in the page context. This is expected for advanced browser automation, but it is an escape hatch that can inspect or modify page state.
`evaluate` / `evaluate_function` - Run JavaScript
Only run JavaScript that the user requested and understands, and avoid using this action on sensitive authenticated pages unless necessary.
Sensitive browsing sessions or captured content may be handled by the configured Browserless service.
The skill is designed to connect to a Browserless service, including a cloud provider option. Browsing activity, page contents, screenshots/PDFs, and uploaded files may pass through that provider.
BROWSERLESS_URL=wss://chrome.browserless.io
BROWSERLESS_TOKEN=abc123def456
Use a trusted Browserless endpoint, prefer self-hosting for sensitive sites, use wss:// for production, and avoid sending confidential pages or files through third-party infrastructure unless approved.
A future dependency version could introduce incompatibilities or supply-chain risk.
The dependency is not version-pinned. Playwright is expected for this skill, but unpinned installs can change behavior over time.
playwright
Pin Playwright to a reviewed version and provide a lockfile or reproducible install instructions.
Session cookies or local storage values may be exposed to the agent or changed during automation.
The skill can read and modify browser storage. This is normal for browser automation, but storage can contain session state or site-specific identifiers.
Storage Access: Manage cookies, localStorage, sessionStorage
Avoid using storage actions on sensitive authenticated sessions unless needed, and clear browser state after sensitive workflows.
