Long Research
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This is a coherent long-form research skill, but it can use logged-in browser profiles and cloud browser/sub-agent providers, which may expose private page content or research queries during autonomous runs.
Install only if you are comfortable with a research agent using browser automation. For safer use, start in Interactive mode, remove or disable browser-use remote mode, use dedicated throwaway browser profiles instead of personal logged-in sessions, avoid sensitive research topics, and review the generated research files after each run.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may access and summarize content that is only available through your existing logged-in sessions, potentially including account-specific or private information.
The skill can read pages using existing logged-in browser sessions. That is high-impact account/session access, and the artifacts do not tightly scope which accounts, profiles, or sites may be used.
The skill includes patterns for extracting content from login-gated forums using `--profile` flags. Profiles persist cookies locally on your machine ... it uses browser-use's cookie persistence from previous manual sessions.
Use separate least-privileged browser-use profiles for research, avoid personal accounts, prefer Interactive mode, and approve each login-gated site before allowing the agent to use a profile.
Pages the agent opens, including potentially sensitive or account-gated pages, may be processed by browser-use.com's cloud infrastructure if remote mode is used.
The skill discloses that browser page content can be sent to an external cloud service. Combined with profile-backed and login-gated browsing, this creates a sensitive data boundary concern.
The browser-use cascade tries 3 modes in order: `chromium` ... → `remote` (cloud-hosted, burns API credits). Remote mode sends page content to browser-use.com's cloud infrastructure.
Remove remote mode from the cascade or require explicit per-use approval before remote mode, especially for logged-in sites, private pages, financial/account pages, or sensitive research topics.
Sensitive research topics may be shared with the model provider used by any delegated sub-agent.
The skill clearly discloses an inter-agent/model-provider data flow involving the user's query and the skill instructions.
The skill mandates pasting full instructions into sub-agent task prompts. This means the entire SKILL.md (including your research query) is sent to whatever model provider your sub-agent uses.
Do not use this skill for confidential research unless you trust the configured model providers and understand their data retention policies.
Installing the dependency may pull code and browser components from outside the reviewed skill artifact.
The skill depends on an external package and install command, but the registry install spec lists no required binaries or install steps. This appears central to the stated purpose, but it is under-declared and unpinned.
browser-use (REQUIRED) — install via `pip install browser-use && browser-use install`.
Install browser-use only from a trusted source, consider pinning versions, and review the dependency before using it with logged-in profiles.
The agent can automate browsing actions and run page JavaScript to extract content, which may interact with dynamic or logged-in websites.
The skill documents shell-driven browser automation and JavaScript evaluation in page contexts. This is expected for browser-based research, but it gives the agent broad interaction capability on websites.
browser-use --session forum --browser chromium eval "Array.from(document.querySelectorAll('[data-role=commentContent], .post-body, .message-content'))..."Use sandboxed or dedicated browser profiles, avoid sensitive accounts, and prefer Interactive mode when the agent is navigating unfamiliar sites.
A long autonomous run could use cloud credits, create many files/tool calls, or continue browsing longer than expected if the user approves a long duration.
The skill is designed for long-running autonomous work. It requires a pre-flight approval gate, so this is disclosed and user-directed, but it can consume time, credits, and browsing resources.
Tell it how long to research (10 min, 2 hours, all night) and it works the full duration ... Wall-clock time commitment — it won't finish early.
Start with short runs, use Interactive mode first, and set clear duration and tool limits before approving the plan.
Sensitive research results may remain on disk after the session and may be reused as recovery context.
The skill persistently writes research findings and checkpoints to local files for recovery and context management. This is disclosed and purpose-aligned.
ALL raw findings → `research/[topic]-[date].md` ... Checkpoints in the research file serve as recovery anchors after compaction.
Run the agent in a safe working directory and delete or protect research files that contain sensitive information.