← Back to Skills Marketplace
138
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-stagehand
Description
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
Usage Guidance
Do not run the suggested npm install/npm link or provide API keys until you verify the actual CLI source code and package.json. Specific things to check or ask the author before installing: 1) Provide the package.json and source (src/) so you can audit what npm will install and what the global 'browser' binary does. 2) Explain why ANTHROPIC_API_KEY and Browserbase keys are needed and declare them in registry metadata; confirm what data (pages, screenshots, extracted data) is sent to any remote service and where. 3) If you must test, do so in an isolated environment (VM/container) and avoid exporting real credentials; use throwaway accounts and network monitoring. 4) Be aware that the tool preserves a Chrome user-data directory (.chrome-profile) and saves downloads — this can expose cookies and local session data. 5) Prefer explicit user prompts before any remote execution; avoid automatic switching to remote mode based on a local .env file unless you trust the remote endpoint. If the author can supply a coherent package (code + package.json) and update registry metadata to list required env vars, re-evaluate after reviewing the source.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-stagehand
Version: 1.0.0
The skill bundle provides a browser automation interface using Stagehand and Playwright, granting the agent broad 'Bash' execution privileges. While aligned with its stated purpose, it introduces high-risk behaviors including persistent browser profiles ('.chrome-profile/'), automatic downloads to the local filesystem ('./agent/downloads/'), and the ability to access internal networks. The combination of shell access and the processing of untrusted web content makes the system highly vulnerable to indirect prompt injection attacks. Furthermore, the documentation references a non-existent model version ('claude-haiku-4-5-20251001') and future-dated timestamps, which is anomalous.
Capability Assessment
Purpose & Capability
The skill claims to automate a browser via a 'browser' CLI. That purpose fits the instructions, but the package metadata says no required env vars, no binaries, and no install steps — while the SKILL.md and setup.json explicitly require ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY/BROWSERBASE_PROJECT_ID, and instruct npm install/npm link to create a global 'browser' command. Requiring an LLM API key and an optional remote Browserbase key is plausible for the described capability, but those credentials are not declared in the registry metadata — this mismatch is incoherent.
Instruction Scope
The runtime instructions tell the agent to automatically detect Browserbase keys from a .env file and switch between remote and local modes without user prompting, to launch Chrome with a persistent profile (.chrome-profile) and remote debugging on port 9222, to auto-download files into ./agent/downloads, and to preserve session cookies. These actions go beyond a simple CLI description and imply reading local .env, writing/using persistent browser profiles, and potentially sending page data to a remote service — all of which are sensitive behaviors not declared in the package metadata.
Install Mechanism
There is no install spec in the registry entry, yet SKILL.md/setup.json instruct the user to run 'npm install' and 'npm link' to create a global 'browser' command. The package provided here contains documentation files only (no package.json or source files listed), so the recommended install steps cannot be verified from the bundle. That is an inconsistency and raises risk: following npm install/npm link installs and runs code not present in this package snapshot unless obtained from elsewhere — the instructions should include explicit, verifiable install sources.
Credentials
The skill's docs require/encourage ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID, but the registry metadata declares no required env vars or primary credential. Requesting LLM API keys and a remote Browserbase project is plausible for AI-driven page interactions and remote execution, but those are sensitive credentials. The automatic, non-interactive decision to use a remote Browserbase when keys are present is surprising and could cause data to be sent externally without explicit confirmation.
Persistence & Privilege
The tool uses a persistent Chrome profile directory (.chrome-profile) and stores downloads in ./agent/downloads — the profile preserves cookies/sessions across runs and Chrome is launched with remote debugging enabled (port 9222). While persistence is coherent for browser automation, this grants ongoing access to local session data and opens a remote debugging port; combined with an automatic remote mode, this increases privacy and exfiltration risk if credentials or remote endpoints are misused. The skill does not request forced always-on privileges, but its suggested setup creates lasting artifacts on disk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-stagehand - After installation, invoke the skill by name or use
/openclaw-stagehand - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
openclaw-stagehand 1.0.0
- Initial release: Automate web browser interactions via Stagehand CLI using natural language.
- Supports both local Chrome and remote Browserbase environments with automatic selection based on configuration.
- Provides commands for navigation, form filling, element interaction, data extraction, screenshots, and browser control.
- Identical command set for both local and remote modes.
- Includes troubleshooting tips and best practices for setup and usage.
Metadata
Frequently Asked Questions
What is Browser Stagehand?
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w... It is an AI Agent Skill for Claude Code / OpenClaw, with 138 downloads so far.
How do I install Browser Stagehand?
Run "/install openclaw-stagehand" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Browser Stagehand free?
Yes, Browser Stagehand is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Browser Stagehand support?
Browser Stagehand is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Browser Stagehand?
It is built and maintained by hsyhph (@hsyhph); the current version is v1.0.0.
More Skills