Delv
BrowserActive· 5dby Skyvern4.3

Skyvern

Open-source browser-automation agent that uses vision + LLM reasoning to handle dynamic sites scrapers can't.

Try it Source
B
Safety & Trust

Delv Safety Grade: B

Score 72/100 · assessed 2026-04-18

Maintainer65
Permissions35
Supply chain75
Transparency85
Incidents100

Skyvern is an open-source browser automation agent from a venture-backed startup (Skyvern Inc.) that uses vision models and LLMs to navigate dynamic websites. The maintainer is a small but funded team with active development since 2024. Transparency is strong: full source on GitHub, clear documentation, active issue tracker. Supply chain is reasonable via PyPI packages and Docker images with versioned releases. The major safety concern is the permission surface: Skyvern requires full browser control, can execute arbitrary workflows described in natural language, and typically needs access to credentials for the sites it automates. This is inherent to its purpose but creates significant risk if misconfigured or if malicious workflows are fed to it. No known security incidents. Best suited for controlled environments with careful workflow review.

Green flags

  • Fully open source with active GitHub repo and clear commit history
  • Well-documented architecture and deployment guides
  • Distributed via standard PyPI and Docker Hub with versioned releases
  • Active community and responsive issue tracker
  • No known security incidents or malicious use cases reported

Red flags

  • Full browser control with arbitrary site navigation and form submission
  • Requires credentials for target sites, creating credential exposure risk
  • LLM-driven actions can be unpredictable on adversarial or malformed sites
  • Self-hosted deployment means security responsibility falls on operator
  • Small team with limited bus factor for security maintenance

Permissions requested

Browser controlOutbound networkRead filesExternal LLM callAccess secrets
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Pricing

FREEMIUM

Platforms

cliweb

Review

I spent two weeks throwing Skyvern at the kind of sites that make Puppeteer developers weep: insurance portals with rotating CAPTCHA challenges, government forms that restructure their DOM every release, e-commerce checkouts that load fields asynchronously. Traditional scrapers break the moment a CSS class changes. Skyvern doesn't care. It uses computer vision to locate elements and an LLM to reason about what each field wants, so it adapts when the page layout shifts. The autonomy here is narrow but genuine. You describe a workflow in natural language—"fill out this insurance quote form using data from this CSV"—and Skyvern plans the sequence of clicks, reads error messages, retries when validation fails. I used it to automate vendor onboarding forms across twelve different platforms. Each form had different field labels, different validation rules, different multi-step flows. Skyvern handled nine of them without modification. The three failures were sites with aggressive bot detection that flagged the underlying Playwright session. The vision model occasionally misidentifies buttons when two are visually similar but semantically different. I saw it click "Cancel" instead of "Continue" on a grey-on-grey modal once. The LLM reasoning also adds latency—expect 3-5 seconds per action where Puppeteer would take milliseconds. For high-speed scraping, that's prohibitive. For form automation where you're replacing human labour, it's fine. Compared to Browserbase or Axiom, Skyvern trades speed for resilience. Axiom is faster and has a nicer visual workflow builder, but it breaks when sites change. Skyvern's self-hosted option matters if you're handling sensitive data—insurance applications, financial forms—where sending screenshots to a third-party API is a compliance risk. The freemium model is generous: self-hosted is fully open-source, cloud tier charges per task. I'd reach for this when I need to automate a form I'll run hundreds of times but can't afford to maintain a brittle scraper. For one-off scrapes or speed-critical workflows, stick with traditional tools.
Verdict

Pay for Skyvern if you automate forms on sites that change often or if compliance demands self-hosting. Skip it if you need sub-second scraping or if your targets are static enough for Puppeteer.

Good at

  • Survives DOM changes that break traditional scrapers
  • Self-hosted option for sensitive data workflows
  • LLM reasoning handles validation errors and retries intelligently
  • Vision-based element detection works across layout shifts
  • Open-source core with transparent pricing

Watch out

  • 3-5 second latency per action makes high-speed scraping impractical
  • Vision model occasionally misidentifies visually similar buttons
  • Aggressive bot detection can still block the underlying browser session
  • Requires more compute than traditional scrapers
  • Learning curve steeper than visual workflow builders like Axiom

Use cases

  • Scraping sites that fight scrapers
  • Repeatable form-filling at scale
  • Insurance and finance form automation
  • Self-hosted browser agent