Description

Stealth-first browser automation for OpenClaw using agent-browser-stealth. Use when tasks involve bot-protected websites, anti-fingerprint evasion, captcha-p...

README (SKILL.md)

agent-browser-stealth for OpenClaw

Name: Agent Browser Stealth
Author: leeguooooo

Use this skill when the task needs web automation and anti-bot stability.

What this skill prioritizes

Use agent-browser CLI from agent-browser-stealth package
Prefer stealth-safe interaction patterns over brittle one-shot scripts
Keep command flow deterministic: open -> snapshot -> act -> re-snapshot
Minimize bot signals with humanized pacing and stable session reuse

Install and baseline

pnpm add -g agent-browser-stealth
agent-browser install
agent-browser --version

If default CDP mode is used in your environment, the CLI first tries localhost:9333 and then auto-discovery. You can still pass --cdp / --auto-connect explicitly when needed.

Standard execution workflow

agent-browser open \x3Curl>
agent-browser wait --load networkidle
agent-browser snapshot -i
# choose refs (@e1, @e2, ...)
agent-browser click @eN
agent-browser fill @eM "..."
agent-browser snapshot -i

Use refs (@e1) from snapshot output whenever possible.

Anti-bot operating rules

Prefer headed mode for sensitive targets:

agent-browser --headed --session-name shop open https://example.com

Reuse session state to avoid repeated cold-start fingerprints:

agent-browser --session-name shop open https://example.com

Keep interactions human-like:

agent-browser type @e2 "query" --delay 120
agent-browser wait 1200-2600

For contenteditable editors, use keyboard mode:

agent-browser click "[contenteditable='true']"
agent-browser keyboard type "Hello world" --delay 90

If text must literally include --delay, stop arg parsing with --:

agent-browser type @e2 -- "--delay 120"
agent-browser keyboard type -- "--delay 120"

Region-sensitive websites

For region-bound sites, open target domain directly and let locale/timezone alignment apply.

agent-browser open https://shopee.tw

Only override locale/timezone when explicitly required by the task.

Recovery patterns

If blocked or unstable:

Retry with --headed.
Reuse --session-name.
Slow down action cadence (wait, type --delay).
Re-open page and regenerate refs with snapshot -i.

Minimal recipes

Login flow:

agent-browser --session-name account open https://example.com/login
agent-browser snapshot -i
agent-browser fill @e1 "$USERNAME"
agent-browser fill @e2 "$PASSWORD"
agent-browser click @e3
agent-browser wait --url "**/dashboard"

Search and capture:

agent-browser open https://example.com
agent-browser snapshot -i
agent-browser type @e2 "iphone" --delay 120
agent-browser press Enter
agent-browser wait --load networkidle
agent-browser screenshot result.png

Output expectations for OpenClaw

When using this skill, return:

Exact commands executed
Key page state changes (URL/title/important element text)
Any anti-bot signal encountered and mitigation used
Next safe action

Usage Guidance

This skill appears to be a reasonable stealthy browser automation guide, but take precautions before installing or using it: - Treat the pnpm global install as a supply-chain action: verify the npm package and GitHub repo, pin a specific version, and inspect the package source before installing globally. Consider installing in an isolated VM/container rather than your main workstation. - The SKILL.md uses $USERNAME and $PASSWORD but the skill metadata does not declare required credentials. Do not provide real secrets until you confirm how the agent will retrieve, store, and transmit them. Prefer ephemeral/test accounts where possible. - The skill asks you to return page element text and state; that can include PII or secrets. Decide and document what outputs are allowed, and redact or avoid capturing sensitive fields (passwords, OTPs, payment data). - The instructions connect to a local CDP endpoint (localhost:9333). Ensure that endpoint is not exposing other browser profiles or remote machines you don't intend the skill to control. - If you must use this skill, run it in an isolated environment, audit the installed package, pin versions, and limit autonomous invocation until you are comfortable with its behavior. Confidence in this assessment is medium: the skill's behavior is plausible for its stated purpose, but the omissions (undeclared credentials and unpinned third-party install) create real risk and ambiguity.

Capability Analysis

Type: OpenClaw Skill Name: agent-browser-stealth Version: 1.0.2 The skill instructs the AI agent to install a global `pnpm` package (`agent-browser-stealth`) and execute commands from it, as detailed in `SKILL.md`. This introduces a significant supply chain vulnerability, as a compromised external package could lead to arbitrary code execution on the host system. While the skill's stated purpose is benign browser automation, the reliance on and installation of external, globally-scoped software represents a high-risk capability. The skill also guides the agent to handle sensitive data like `$USERNAME` and `$PASSWORD` for login flows, further increasing the risk profile, though this is within its stated purpose. No direct malicious prompt injection attempts or explicit data exfiltration instructions were found.

Capability Assessment

ℹ Purpose & Capability

Name/description claim stealthy browser automation; SKILL.md consistently instructs use of an 'agent-browser' CLI and anti-bot patterns, which fits the declared purpose. However, the doc uses placeholders like $USERNAME and $PASSWORD without declaring required env vars or credentials in the skill metadata — a mismatch between claimed requirements and actual runtime expectations.

⚠ Instruction Scope

Instructions tell the agent to run a third-party CLI, perform login flows, take snapshots, read element text, and return 'key page state changes' and 'important element text'. That is within automation scope, but it grants broad discretion to capture and report page content (which may include sensitive data). The guidance for connecting to a local CDP (localhost:9333) is expected for browser tooling but also lets the CLI access any connected browser contexts. The SKILL.md does not constrain what data may be returned or how to treat credentials, increasing the risk of accidental exfiltration.

ℹ Install Mechanism

No registry install spec in the skill metadata, but the README instructs 'pnpm add -g agent-browser-stealth' and 'agent-browser install' — a global npm/pnpm install from the public registry. This is a common but higher-risk pattern than instruction-only because it pulls and executes third-party code; the SKILL.md does not pin a package version or point to a verified release artifact.

⚠ Credentials

Skill metadata declares no required env vars or credentials, but the instructions use $USERNAME and $PASSWORD placeholders in login recipes. That mismatch means the skill expects credentials but hasn't declared or justified them. The skill also references connecting to a CDP on localhost:9333 (which may access local browser profiles and session data) — reasonable for automation but a capability the metadata doesn't call out.

✓ Persistence & Privilege

The skill does not request 'always: true' and has no install spec in the registry metadata; it is user-invocable and can be invoked autonomously (platform default). It does instruct installing a global CLI, which would add a tool to the system if the user follows the SKILL.md, but the skill itself doesn't request elevated or persistent platform privileges in the manifest.

Version History

v1.0.2

- Updated SKILL.md to clarify how the CLI locates the browser in default CDP mode, describing its first attempt at localhost:9333 and fallback to auto-discovery. - Improved installation instructions for environments using default CDP mode. - No changes to code or functionality; documentation update only.

v1.0.1

- Changed global installation instructions from npm to pnpm in the setup section. - No other content or workflow changes.

v1.0.0

Initial release of agent-browser-stealth for OpenClaw: - Enables stealth-focused browser automation for bot-protected and region-sensitive websites. - Uses agent-browser CLI with anti-fingerprint and session persistence best practices. - Provides deterministic workflow: open → snapshot → act → re-snapshot. - Minimizes detection via human-like pacing, reused sessions, and headed mode recommendations. - Includes standard execution recipes, anti-bot guidelines, and recovery steps. - Suitable for automation flows involving login, captcha, and search on e-commerce and sensitive targets.

Metadata

Slug agent-browser-stealth

Version 1.0.2

License —

All-time Installs 7

Active Installs 7

Total Versions 3

Frequently Asked Questions

What is Agent Browser Stealth?

Stealth-first browser automation for OpenClaw using agent-browser-stealth. Use when tasks involve bot-protected websites, anti-fingerprint evasion, captcha-p... It is an AI Agent Skill for Claude Code / OpenClaw, with 651 downloads so far.

How do I install Agent Browser Stealth?

Run "/install agent-browser-stealth" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agent Browser Stealth free?

Yes, Agent Browser Stealth is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agent Browser Stealth support?

Agent Browser Stealth is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agent Browser Stealth?

It is built and maintained by 郭立lee (@leeguooooo); the current version is v1.0.2.

More Skills

Agent Browser Stealth