hsyhph

Browser Stagehand

Author: hsyhph · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 138
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install openclaw-stagehand
Description
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
Security usage recommendations
Do not run the suggested npm install/npm link or provide API keys until you verify the actual CLI source code and package.json. Specific things to check or ask the author before installing:
  1. Ask for the package.json and source (src/) so you can audit what npm will install and what the global 'browser' binary does.
  2. Ask why ANTHROPIC_API_KEY and Browserbase keys are needed and have them declared in registry metadata; confirm what data (pages, screenshots, extracted data) is sent to any remote service and where.
  3. If you must test, do so in an isolated environment (VM/container) and avoid exporting real credentials; use throwaway accounts and network monitoring.
  4. Be aware that the tool preserves a Chrome user-data directory (.chrome-profile) and saves downloads; this can expose cookies and local session data.
  5. Prefer explicit user prompts before any remote execution; avoid automatic switching to remote mode based on a local .env file unless you trust the remote endpoint.
If the author can supply a coherent package (code + package.json) and update registry metadata to list required env vars, re-evaluate after reviewing the source.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-stagehand
Version: 1.0.0
The skill bundle provides a browser automation interface using Stagehand and Playwright, granting the agent broad 'Bash' execution privileges. While aligned with its stated purpose, it introduces high-risk behaviors including persistent browser profiles ('.chrome-profile/'), automatic downloads to the local filesystem ('./agent/downloads/'), and the ability to access internal networks. The combination of shell access and the processing of untrusted web content makes the system highly vulnerable to indirect prompt injection attacks. Furthermore, the documentation references a non-existent model version ('claude-haiku-4-5-20251001') and future-dated timestamps, which is anomalous.
Capability assessment
Purpose & Capability
The skill claims to automate a browser via a 'browser' CLI. That purpose fits the instructions, but the package metadata says no required env vars, no binaries, and no install steps — while the SKILL.md and setup.json explicitly require ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY/BROWSERBASE_PROJECT_ID, and instruct npm install/npm link to create a global 'browser' command. Requiring an LLM API key and an optional remote Browserbase key is plausible for the described capability, but those credentials are not declared in the registry metadata — this mismatch is incoherent.
Instruction Scope
The runtime instructions tell the agent to automatically detect Browserbase keys from a .env file and switch between remote and local modes without user prompting, to launch Chrome with a persistent profile (.chrome-profile) and remote debugging on port 9222, to auto-download files into ./agent/downloads, and to preserve session cookies. These actions go beyond a simple CLI description and imply reading local .env, writing/using persistent browser profiles, and potentially sending page data to a remote service — all of which are sensitive behaviors not declared in the package metadata.
Install Mechanism
There is no install spec in the registry entry, yet SKILL.md/setup.json instruct the user to run 'npm install' and 'npm link' to create a global 'browser' command. The package provided here contains documentation files only (no package.json or source files listed), so the recommended install steps cannot be verified from the bundle. That is an inconsistency and raises risk: following npm install/npm link installs and runs code not present in this package snapshot unless obtained from elsewhere — the instructions should include explicit, verifiable install sources.
Credentials
The skill's docs require/encourage ANTHROPIC_API_KEY and optionally BROWSERBASE_API_KEY and BROWSERBASE_PROJECT_ID, but the registry metadata declares no required env vars or primary credential. Requesting LLM API keys and a remote Browserbase project is plausible for AI-driven page interactions and remote execution, but those are sensitive credentials. The automatic, non-interactive decision to use a remote Browserbase when keys are present is surprising and could cause data to be sent externally without explicit confirmation.
Persistence & Privilege
The tool uses a persistent Chrome profile directory (.chrome-profile) and stores downloads in ./agent/downloads — the profile preserves cookies/sessions across runs and Chrome is launched with remote debugging enabled (port 9222). While persistence is coherent for browser automation, this grants ongoing access to local session data and opens a remote debugging port; combined with an automatic remote mode, this increases privacy and exfiltration risk if credentials or remote endpoints are misused. The skill does not request forced always-on privileges, but its suggested setup creates lasting artifacts on disk.
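How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-stagehand
  3. Once installation completes, invoke the Skill by name or trigger it with /openclaw-stagehand
  4. Provide the required inputs according to the Skill's parameter description to get structured output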
Version history
v1.0.0
openclaw-stagehand 1.0.0
- Initial release: Automate web browser interactions via Stagehand CLI using natural language.
- Supports both local Chrome and remote Browserbase environments with automatic selection based on configuration.
- Provides commands for navigation, form filling, element interaction, data extraction, screenshots, and browser control.
- Identical command set for both local and remote modes.
- Includes troubleshooting tips and best practices for setup and usage.
Metadata
Slug openclaw-stagehand
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Historical versions 1
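FAQ

What is Browser Stagehand?

Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 138 total downloads so far.

How do I install Browser Stagehand?

Run the command "/install openclaw-stagehand" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Browser Stagehand free?

Yes, Browser Stagehand is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Browser Stagehand support?

Browser Stagehand runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Browser Stagehand?

It is developed and maintained by hsyhph (@hsyhph); the current version is v1.0.0.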
