← Back to Skills Marketplace
Use My Browser
by
flyinghanger
· GitHub ↗
· v1.0.0
· MIT-0
633
Downloads
1
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install use-my-browser
Description
Control the user's REAL Chrome browser via Tampermonkey injection. Trigger when user says "use my browser", "open in my browser", "check this page for me", o...
Usage Guidance
This skill is coherent with its description but potentially dangerous: it instructs running arbitrary JavaScript inside your real Chrome sessions (sharing cookies and logins) by installing a third‑party Tampermonkey userscript. Before installing or using it: (1) review the exact userscript source on GitHub line-by-line to ensure it doesn't exfiltrate data or phone home; (2) inspect the openclaw-tmwd plugin's code and npm page; (3) avoid using it on sensitive sites (banking, email, etc.) and consider testing with a throwaway profile; (4) require explicit human confirmation before the agent performs actions that submit forms or read private pages; and (5) if you cannot fully audit the userscript/plugin, do not install — the capability to act with your browser's auth is equivalent to giving the skill powerful access to your accounts.
Capability Analysis
Type: OpenClaw Skill
Name: use-my-browser
Version: 1.0.0
The skill provides tools to control the user's active Chrome browser and execute arbitrary JavaScript (`tmwd_exec`) within the context of authenticated web sessions, sharing all cookies and login states. While these high-risk capabilities are aligned with the stated purpose of browser automation, they create a significant attack surface for session hijacking and data exfiltration. Additionally, the setup requires installing a third-party userscript from a GitHub repository (lsdefine/pc-agent-loop), which introduces supply chain risks.
Capability Assessment
Purpose & Capability
The name/description match the instructions: the skill explicitly instructs the agent to control the real Chrome browser via a Tampermonkey userscript and an openclaw plugin. Reusing login sessions is part of the stated purpose, so the requested capabilities are coherent with the skill's stated goal.
Instruction Scope
The SKILL.md instructs the agent to execute arbitrary JavaScript in pages (tmwd_exec), read visible text, and interact with DOM elements. That grants the agent the ability to access cookies, localStorage, and any data the logged-in browser session can access (including sensitive pages). The instructions do not impose scope limits, per-action confirmation, or safe-usage constraints; they also provide examples that could be used to exfiltrate data (e.g., arbitrary JS with fetch/XHR).
Install Mechanism
There is no packaged install spec, but the SKILL.md tells the user to install an openclaw plugin and to install a Tampermonkey userscript from a raw.githubusercontent.com URL (owner: lsdefine). Pulling and running an external userscript is high-risk: the script runs with page privileges and comes from a third-party account with no homepage or trust signals in the skill metadata. This is disproportionate unless the userscript and plugin are audited by the user.
Credentials
The skill requests no environment variables or system credentials, which is proportionate. However, it depends on browser-level credentials (cookies/session state) implicitly; those are effectively powerful secrets because the skill reuses the user's login sessions and can act as the user on visited sites.
Persistence & Privilege
always is false (good), but the agent may invoke the skill autonomously. Combined with the skill's ability to run arbitrary JS in the user's active browser session, this increases the blast radius: an autonomously-invoked agent could perform actions in the user's identity without per-action confirmation. The SKILL.md does not require explicit user confirmation for actions that interact with sites or submit forms.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install use-my-browser - After installation, invoke the skill by name or use
/use-my-browser - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Use My Browser?
Control the user's REAL Chrome browser via Tampermonkey injection. Trigger when user says "use my browser", "open in my browser", "check this page for me", o... It is an AI Agent Skill for Claude Code / OpenClaw, with 633 downloads so far.
How do I install Use My Browser?
Run "/install use-my-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Use My Browser free?
Yes, Use My Browser is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Use My Browser support?
Use My Browser is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Use My Browser?
It is built and maintained by flyinghanger (@flyinghanger); the current version is v1.0.0.
More Skills