Browser Secure

Verdict: Suspicious
Audited by ClawScan on May 10, 2026.

Overview

This appears to be a coherent browser-automation tool, but it can control logged-in browser sessions, use password-vault credentials, run automated actions, and store sensitive page captures, so it needs careful review before use.

Install only if you are comfortable giving a browser automation tool access to logged-in sessions and password-vault credentials. Start with incognito or a dedicated automation profile, use interactive approval mode for anything involving accounts or money, review the setup/install prompts, keep audit webhooks disabled unless trusted, and periodically delete stored captures and logs under ~/.browser-secure.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

On a logged-in site, an automated browser action could submit forms, change account data, post content, or make purchases before a person reviews each step.

Why it was flagged

The skill exposes broad natural-language browser actions that can run in a fully automated mode. Because the same artifact set describes use on authenticated and sensitive sites, and the capability signals include purchase authority, this is high-impact unless approvals and per-site/per-action limits are enforced.

Skill content

# Perform actions (fully automated)
browser-secure act "click the login button"
browser-secure extract "get the article headlines"

Recommendation

Use interactive mode for authenticated or money-related sites, require explicit approvals for form submission/purchases/destructive actions, and restrict unattended use to low-risk sites and read-only tasks.

What this means

If the automation uses a personal or work Chrome profile, it may act as you on sites where you are already logged in.

Why it was flagged

Using an existing Chrome profile gives the automation access to local authenticated sessions and extensions for potentially many sites, not just one narrowly scoped credential. The behavior is disclosed, but it is broad identity/session authority.

Skill content

Browser Secure can use your existing Chrome profiles, giving you access to saved cookies, session state, and existing website logins.

Recommendation

Prefer incognito or a dedicated automation profile. Avoid using a primary personal/work profile unless necessary, and confirm the exact target site and action before granting profile access.

What this means

Sensitive page contents from logged-in sessions may remain on disk after the browser session ends.

Why it was flagged

Captured page text, optional full HTML, and screenshots are persisted to the local scrapbook store. For authenticated browsing, these files can contain sensitive account or page data, and the provided capture code does not show a retention limit for scrapbook data.

Skill content

full_text: options.saveFullText ? content.body : undefined,
html_path: htmlPath,
...
screenshot: screenshotPath,
...
saveCapture(capture);

Recommendation

Disable full-text/HTML capture unless needed, review and purge ~/.browser-secure/scrapbook regularly, and avoid capturing pages containing secrets, financial data, or private account details.

What this means

If enabled, browsing activity logs may leave your machine and be sent to the configured endpoint.

Why it was flagged

Audit sessions can be sent to a configured webhook when audit mode is not file-only. This is user-configured and not enabled by default in the shown config loader, but audit records may include sensitive activity metadata.

Skill content

const response = await fetch(webhookUrl, {
  method: 'POST',
  headers,
  body: JSON.stringify(session)
});

Recommendation

Keep audit mode set to local file unless you trust and control the webhook destination, and avoid putting secrets in audit details or headers.

What this means

Setup may install software or create a global command on your machine.

Why it was flagged

The onboarding flow can install external browser/vault tooling and link a global CLI. This is disclosed and purpose-aligned, but it changes the local environment and depends on external package sources.

Skill content

"autoInstall": [
  "playwright chromium browser",
  "bitwarden-cli (if brew available)",
  "1password-cli (if brew available)"
]

Recommendation

Review setup prompts, install dependencies manually if you prefer tighter control, and verify package sources before running onboarding.