← 返回 Skills 市场
172
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install openclaw-browser-stagehand
功能描述
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
安全使用建议
This skill appears to implement the advertised browser automation CLI, but the registry metadata omits important runtime requirements and behaviors. Before installing or running it, consider the following: (1) the docs expect an ANTHROPIC_API_KEY (and optionally Browserbase API keys) stored in .env or exported — do not place unrelated secrets there; (2) the tool uses a persistent Chrome profile (.chrome-profile) and will preserve cookies/sessions — use a dedicated profile or run in a disposable environment if you don't want session data retained; (3) downloads go to ./agent/downloads and screenshots to ./agent/browser_screenshots — review those directories and clean them after use; (4) the setup requires running `npm install`/`npm link` which installs external packages — inspect package.json and dependency sources before installing; (5) the skill auto-selects remote vs local mode without prompting, which could cause it to use remote services if API keys are present; (6) ask the publisher to update registry metadata to list required env vars (ANTHROPIC_API_KEY, optional BROWSERBASE_API_KEY/BROWSERBASE_PROJECT_ID), required binaries (Chrome), and to provide a source repository so you can inspect code. If you cannot verify these details, run the tool in an isolated container or VM and avoid sharing production credentials.
功能分析
Type: OpenClaw Skill
Name: openclaw-browser-stagehand
Version: 1.0.0
The skill provides extensive browser automation capabilities using the Stagehand library, including full network access (with explicit mention of localhost/internal networks), persistent session storage via '.chrome-profile/', and automatic file downloads to the local filesystem. While these features are documented in REFERENCE.md and EXAMPLES.md as necessary for the tool's stated purpose, they represent high-risk behaviors—specifically the ability to interact with internal services and perform 'stealth' operations (e.g., launching the browser off-screen at -9999,-9999). Per the analysis criteria, these risky capabilities warrant a suspicious classification despite the lack of clear evidence of malicious intent.
能力评估
Purpose & Capability
Name/description (browser automation) aligns with the CLI commands and examples. Using an LLM-backed Stagehand and a remote provider (Browserbase) is plausible for this purpose. However, the skill metadata claims no required env vars/binaries while the instructions clearly require or recommend ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY / BROWSERBASE_PROJECT_ID, and Chrome — a discrepancy that should be explained.
Instruction Scope
SKILL.md and REFERENCE.md explicitly instruct the agent/user to read .env, check setup.json, use a persistent Chrome profile (.chrome-profile/), save downloads to ./agent/downloads/, and automatically choose remote vs local based on available API keys with 'No user prompting'. Those actions expand scope beyond a simple 'run this CLI' skill: reading .env (sensitive), persisting session cookies, writing downloads/screenshots to agent folders, and automatic non-interactive selection increase risk and should have been declared up-front.
Install Mechanism
The skill is instruction-only (no install spec) which is lower risk, but setup.json tells users to run `npm install` and `npm link` to create a global `browser` command. Installing arbitrary npm dependencies carries supply-chain risk and should be made explicit in registry metadata (package.json, exact dependency list, and source repo).
Credentials
Registry metadata lists no required env vars, but setup.json and docs instruct to provide ANTHROPIC_API_KEY and detect BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID in .env. Those are sensitive credentials; requiring them makes sense for an LLM-driven and/or remote-browser service — but their absence from the declared `requires.env` is a clear mismatch and a red flag. Also using a persistent Chrome profile means the tool may access or retain cookies/session data.
Persistence & Privilege
The skill does not set always:true and does not request elevated agent privileges. However it deliberately uses a persistent Chrome profile and saves downloads/screenshots to agent directories, and configures Chrome to run off-screen. Persistence of .chrome-profile and automatic download behavior could cause long-lived local state (cookies, auth) and should be considered by users before enabling.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-browser-stagehand - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-browser-stagehand触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
openclaw-browser-stagehand 1.0.0
- Initial release of browser automation skill for CLI.
- Supports both local Chrome and remote Browserbase environments with automatic selection.
- Provides commands to navigate, interact, extract data, observe elements, take screenshots, and close the browser.
- No user prompting required for environment selection—decision is based on available configuration.
- Includes setup instructions, best practices, and troubleshooting guidance.
元数据
常见问题
Browser Stagehand 是什么?
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 172 次。
如何安装 Browser Stagehand?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-browser-stagehand」即可一键安装,无需额外配置。
Browser Stagehand 是免费的吗?
是的,Browser Stagehand 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Browser Stagehand 支持哪些平台?
Browser Stagehand 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Browser Stagehand?
由 hsyhph(@hsyhph)开发并维护,当前版本 v1.0.0。
推荐 Skills