Browsecraft
Review
Audited by ClawScan on May 10, 2026.
Overview
Browsecraft is a disclosed browser-automation wrapper, but it can operate logged-in web sessions and relies on an external npm CLI, so users should keep it scoped.
Install this only if you trust the `browsecraft-cli` package. Use it on specific sites and workflows you choose, keep tokens in environment/config as recommended, connect only to trusted browser endpoints, and require explicit confirmation before form submissions, account changes, bulk actions, purchases, deletions, or public posts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to click, type, submit forms, and perform bulk actions on websites, including while signed in.
The skill intentionally exposes a browser automation CLI capable of logging in, filling forms, taking screenshots, and performing bulk actions. This is purpose-aligned, but powerful.
description: Memory-oriented browser automation skill for repeatable web workflows (login, extraction, bulk actions, form filling, screenshots, checks) ... allowed-tools: Bash(browsecraft:*)
Use it only for sites and tasks you explicitly choose, and require confirmation before purchases, deletes, public posts, account changes, or other high-impact bulk actions.
Installing the skill also means trusting the external `browsecraft-cli` package and its updates.
The skill depends on an external npm package to provide the executable, and the runnable package code was not included in the provided artifacts.
[0] node | package: browsecraft-cli | creates binaries: browsecraft
Install from a trusted npm source, consider pinning/reviewing the package version, and avoid installing it globally in sensitive environments unless needed.
If used with Roxy or logged-in browser sessions, the agent may act under your account privileges on websites or browser services.
The skill may use a Roxy API token and browser sessions to act with the user's delegated authority. The artifact discloses this and advises local configuration.
Optional (RoxyBrowser only): configure your Roxy API endpoint and token in local env/config.
Use least-privilege tokens where possible, prefer environment variables as instructed, and avoid exposing this skill to accounts or sites where unintended actions would be costly.
Connecting to an untrusted browser endpoint could expose page contents or allow actions in the browser context.
The skill can connect to browser endpoints, which may receive page data or actions. The artifact includes a user-consent safeguard for third-party endpoints.
Existing endpoint: `browsecraft connect <endpoint> --type <chrome|camoufox|roxy>` ... Never send credentials or page data to third-party endpoints unless the user explicitly requests it.
Connect only to trusted local or provider endpoints, and do not use third-party endpoints with logged-in or sensitive pages unless you explicitly intend to share that data.
