MagicBrowse
Advisory
Audited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may navigate and prepare actions on websites, but should not finalize purchases, posts, deletions, or settings changes without asking first.
The skill can drive a browser and reach account-affecting actions, but the artifact explicitly requires stopping for user approval before consequential steps.
`magicbrowse` may navigate, inspect, draft, and prepare. It must stop and ask before submitting a form, posting or sending content, accepting terms, changing account data or settings, booking, buying, ordering, deleting or modifying remote data
Use it for navigation and preparation, and verify that the agent asks before any final submit, buy, post, save, delete, or similar action.
Installing and using the skill requires giving it access to a provider API credential.
The skill requires a MagicPay API key and local shared configuration, which is expected for this provider-backed browser automation workflow.
"requires": { "env": ["MAGICPAY_API_KEY"], "bins": ["magicbrowse"], "config": ["~/.magicpay/config.json"] }
Provide only the intended MagicPay API key, keep it out of logs, and rotate or remove it if you no longer use the skill.
If you approve use of an existing browser profile or CDP endpoint, the agent may act with the authority of accounts already logged in there.
The artifacts disclose that attaching to an existing browser/profile can use the user's logged-in sessions, and require explicit approval before doing so.
Existing CDP endpoints, named profiles, and explicit `--user-data-dir` paths may already be logged in to real accounts. Acting through them inherits that browser's authority
Prefer a fresh browser session; approve existing profiles or CDP endpoints only for the current task and keep endpoints private.
Content visible in the automated browser may be processed by the provider gateway, especially when vision mode is used.
The browser automation sends page context, and optionally screenshots, to an external gateway; this is disclosed and bounded by approval guidance.
LLM-backed `act` sends page state to the gateway. `act --use-vision` can include screenshots. Treat both as external processing of the current page context.
Avoid private or sensitive pages unless necessary, and approve vision mode only when screenshots are acceptable for that workflow.
Future installs could receive a newer CLI version than the one the skill author had in mind.
The install specification uses an external npm package with the moving `latest` tag, so the installed runtime may change over time and is not pinned in these artifacts.
"package": "@mercuryo-ai/magicbrowse-cli@latest"
Install only if you trust the publisher and npm package; consider pinning a known-good version in controlled environments.
Running multiple browser/payment workflows at the same time with the default homes could mix up session state.
The artifacts disclose a shared local state design that can cause cross-talk between concurrent workflows unless isolated.
`$MAGICBROWSE_HOME/current-session.json` ... is a singleton pointer. MagicPay workflow state under `~/.magicpay/` is also singleton state. Concurrent workflows on the same homes silently overwrite each other's session state
Do not run parallel workflows on the same defaults; set separate MAGICBROWSE_HOME and isolated HOME/config locations when needed.
