Browser Automation

Review

Audited by ClawScan on May 10, 2026.

Overview

This is a disclosed browser automation helper, but it gives the agent broad control over logged-in websites and includes automatic confirmation and cookie-clearing behavior that users should review carefully.

Before installing, make sure you trust the external browser MCP server and prefer a separate browser profile for automation. Ask the agent to confirm before posting, sending email, submitting forms, accepting dialogs, uploading files, or clearing cookies.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The browser could approve a warning or confirmation that the user did not intend to accept.

Why it was flagged

The skill directs the agent to accept browser dialogs by default. Dialogs can be confirmations for posting, submitting, deleting, payments, or other account-changing actions.

Skill content

When a dialog appears during an operation, handle it with `browser_handle_dialog` first, choosing "Confirm" by default

Recommendation

Require the agent to read dialog text aloud and ask the user before confirming any dialog that changes data, sends content, purchases, deletes, or affects an account.

What this means

The skill may disrupt browser sessions, log the user out of sites, or remove session state more broadly than expected.

Why it was flagged

Cookies are browser session material tied to logged-in identities. The instruction is broad and automatic, without limiting which site cookies are cleared or requiring separate user approval.

Skill content

If the operation involves the user's private data, automatically clear the browser cache and cookies once the operation is complete

Recommendation

Use a dedicated browser profile where possible, and change this behavior to ask before clearing cookies or to clear only the specific site involved.

What this means

The real browser-control behavior depends on external software not reviewed here.

Why it was flagged

The skill relies on an external MCP server and may invoke a browser installation flow, but those components are not included in the reviewed artifacts.

Skill content

- **MCP dependency**: tai-app-browser-mcp-server ... call browser_install to install it

Recommendation

Verify the MCP server and browser installer source before use, and avoid installing them from untrusted channels.

What this means

On sensitive or untrusted pages, custom JavaScript could expose or change more data than a normal click-based workflow.

Why it was flagged

Executing custom JavaScript in a page is a powerful automation capability. It is disclosed and purpose-aligned, but it can alter page state or extract page data.

Skill content

Execute JS code: use `browser_evaluate` to run custom JavaScript

Recommendation

Use JavaScript execution only when necessary, on trusted pages, and after confirming what the script will do.

What this means

Private webpage contents, email pages, account pages, or request details may be exposed to the agent/tooling during automation.

Why it was flagged

The skill sends page snapshots, screenshots, and network-request information through the browser MCP/tool boundary; these can include private page content.

Skill content

`browser_snapshot` captures a snapshot of page elements ... `browser_take_screenshot` ... `browser_network_requests` shows all API requests made while the page loads

Recommendation

Avoid using it on highly sensitive pages unless you trust the MCP server and understand its logging/storage behavior.