← Back to Skills Marketplace
Browser Automation
by
AbelTennyson
· GitHub ↗
· v1.0.0
· MIT-0
67
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install abe-browser-automation
Description
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
README (SKILL.md)
Browser Automation
Automate browser interactions using Stagehand CLI with SkillBoss API Hub.
First: Environment Selection (Local vs Remote)
The skill automatically selects between local and remote browser environments:
- If SKILLBOSS_API_KEY exists (SKILLBOSS_API_KEY in .env file): Uses SkillBoss API Hub remote mode
- If no SKILLBOSS_API_KEY: Falls back to local Chrome browser
- No user prompting: The selection happens automatically based on available configuration
Setup (First Time Only)
Check setup.json in this directory. If setupComplete: false:
npm install # Install dependencies
npm link # Create global 'browser' command
Commands
All commands work identically in both modes:
browser navigate \x3Curl> # Go to URL
browser act "\x3Caction>" # Natural language action
browser extract "\x3Cinstruction>" ['{}'] # Extract data (optional schema)
browser observe "\x3Cquery>" # Discover elements
browser screenshot # Take screenshot
browser close # Close browser
Quick Example
browser navigate https://example.com
browser act "click the Sign In button"
browser extract "get the page title"
browser close
Mode Comparison
| Feature | Local | SkillBoss API Hub |
|---|---|---|
| Speed | Faster | Slightly slower |
| Setup | Chrome required | SKILLBOSS_API_KEY required |
| Stealth mode | No | Yes |
| Proxy/CAPTCHA | No | Yes |
| Best for | Development | Production/scraping |
Best Practices
- Always navigate first before interacting
- View screenshots after each command to verify
- Be specific in action descriptions
- Close browser when done
Troubleshooting
- Chrome not found: Install Chrome or use SkillBoss API Hub remote mode
- Action fails: Use
browser observeto discover available elements - Remote mode fails: Verify SKILLBOSS_API_KEY is set
For detailed examples, see EXAMPLES.md. For API reference, see REFERENCE.md.
Usage Guidance
This skill appears to be a legitimate browser automation tool, but be cautious before installing or running it:
- Metadata mismatch: the registry claimed no required env vars, but SKILL.md and setup.json require/expect SKILLBOSS_API_KEY. Treat the presence of that key as enabling remote behavior.
- Remote data exposure: if SKILLBOSS_API_KEY is present the skill will route actions and page analysis to SkillBoss API Hub (api.heybossai.com). That can include HTML, extracted data, screenshots, and anything you type into pages (including passwords). If you must use the skill, avoid setting SKILLBOSS_API_KEY, or only set it in a controlled account/environment.
- Automatic selection: the skill auto-switches to remote mode 'without user prompting' if the key exists. If you want to ensure local-only operation, remove the key from the environment and do not create the .env entry.
- Persistent local state: the skill uses a persistent Chrome profile (.chrome-profile/) that preserves cookies and sessions. Use a disposable profile or inspect/clean that directory if you care about session persistence.
- Install-time caution: the setup requires running 'npm install' and 'npm link' which will pull dependencies from npm — review the code and package.json before running in production systems.
Actions you can take before installing/using:
- Inspect the code repository (src files) and package.json for network calls and what data is sent to the remote API.
- Run the tool in an isolated environment (VM/container) and use a disposable Chrome profile to avoid leaking real credentials/cookies.
- If you need to browse sensitive sites, avoid setting SKILLBOSS_API_KEY and verify the tool runs in local-only mode.
If you want, I can list concrete checks to run on the npm package or help craft environment constraints to reduce risk.
Capability Analysis
Type: OpenClaw Skill
Name: abe-browser-automation
Version: 1.0.0
The skill provides powerful browser automation capabilities using Stagehand and a custom CLI tool, which includes high-risk behaviors such as persistent session management via local Chrome profiles and automatic file downloads to the './agent/downloads/' directory. It is classified as suspicious because it employs stealth techniques like launching the browser off-screen (--window-position=-9999,-9999), routes potentially sensitive page data to a third-party endpoint (api.heybossai.com), and contains instructions in SKILL.md for the agent to operate autonomously without user prompting. While these features are plausibly necessary for the stated purpose of browser automation, they create a significant surface for unauthorized data access or stealthy execution.
Capability Tags
Capability Assessment
Purpose & Capability
The skill's name and documentation describe browser automation using a local Chrome + a Stagehand/Playwright CLI and optionally a remote 'SkillBoss API Hub'. That capability aligns with the requested functionality. However, the package metadata in the registry lists no required environment variables while SKILL.md and setup.json both reference SKILLBOSS_API_KEY (and setup.json marks it as required). This metadata/instruction mismatch is inconsistent and should be resolved.
Instruction Scope
The runtime instructions tell the agent to use a remote model routed via SkillBoss API Hub (https://api.heybossai.com/v1/pilot) when SKILLBOSS_API_KEY is present. That means page contents, extracted data, screenshots, and possibly form inputs/cookies could be sent to an external service. The skill also auto-selects remote vs local mode 'with no user prompting' based on an env var found in .env, which may cause unexpected remote data transmission. Examples in EXAMPLES.md show entering credentials and using a persistent Chrome profile ('.chrome-profile/'), increasing the chance sensitive data is present in what is sent.
Install Mechanism
This is instruction-only (no install spec), but setup.json instructs the user to run 'npm install' and 'npm link' to install a local CLI. That means code will be installed/built locally only if the user follows setup — there is no hidden remote install URL in the registry. Still, running npm install will fetch dependencies from npm and should be inspected before running.
Credentials
The only meaningful credential referenced is SKILLBOSS_API_KEY, which is proportionate to enabling a remote AI-driven mode. However: (1) the registry metadata claims no required env vars while SKILL.md/setup.json say the key is required/used; (2) possession of that key enables remote routing of page content and screenshots to a third-party endpoint, which is a high-impact capability when browsing sensitive sites; (3) the skill preserves a Chrome profile directory (session cookies), which could cause persistent sensitive state to be re-used or exposed.
Persistence & Privilege
The skill is not 'always: true' and does not request elevated system privileges, but it instructs creation/use of persistent resources (.chrome-profile/, ./agent/downloads/, ./agent/browser_screenshots/) and will preserve session cookies. Combined with the automatic remote-mode selection and autonomous invocation being allowed by default, this increases the blast radius: if the agent invokes the skill and SKILLBOSS_API_KEY is present, browsing activity (including credentials entered during flows) could be routed externally without an explicit prompt.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install abe-browser-automation - After installation, invoke the skill by name or use
/abe-browser-automation - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of the browser automation skill.
- Automates browser actions using natural language via CLI commands.
- Supports both local Chrome and remote SkillBoss API Hub modes, with automatic environment selection.
- Enables navigation, interaction, data extraction, screenshots, and more.
- No user prompting required for mode selection; based on SKILLBOSS_API_KEY.
- Includes troubleshooting tips and best practices for effective use.
Metadata
Frequently Asked Questions
What is Browser Automation?
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w... It is an AI Agent Skill for Claude Code / OpenClaw, with 67 downloads so far.
How do I install Browser Automation?
Run "/install abe-browser-automation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Browser Automation free?
Yes, Browser Automation is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Browser Automation support?
Browser Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Browser Automation?
It is built and maintained by AbelTennyson (@abeltennyson); the current version is v1.0.0.
More Skills