Description

Control browser automation agents via the Bits MCP server. Use when running web scraping, form filling, data extraction, or any browser-based automation task. Bits agents can navigate websites, click elements, fill forms, handle OAuth flows, and extract structured data.

README (SKILL.md)

Bits MCP - Browser Automation

Name: Bits Browser Automation
Author: robbiethompson18

Bits is an AI browser automation platform. The MCP server lets you run browser automation tasks from your AI assistant.

Setup

1. Get an API Key

Go to app.usebits.com
Sign in with Google
Navigate to Settings → API Keys
Click Create API Key, give it a name
Copy the key (starts with bb_) — you won't see it again

2. Configure MCP

Add to your MCP config (e.g., ~/.openclaw/openclaw.json):

{
  "mcpServers": {
    "bits": {
      "command": "npx",
      "args": ["-y", "usebits-mcp"],
      "env": {
        "BITS_API_KEY": "bb_your_key_here"
      }
    }
  }
}

For Claude Code (~/.claude.json):

{
  "mcpServers": {
    "bits": {
      "command": "npx",
      "args": ["-y", "usebits-mcp"],
      "env": {
        "BITS_API_KEY": "bb_your_key_here"
      }
    }
  }
}

3. Restart

Restart your gateway/client to pick up the new MCP server.

Usage

The Bits MCP uses "Code Mode" — you write TypeScript SDK code that executes in a sandbox. Two tools are available:

Documentation search — Query the SDK docs
Code execution — Write and run TypeScript against the Bits SDK

Example: Scrape a Website

Use the Bits MCP to go to news.ycombinator.com and get the top 5 story titles

The agent will:

Search docs for navigation/scraping methods
Write TypeScript code to navigate and extract data
Execute it and return results

Example: Fill a Form

Use Bits to go to example.com/contact, fill out the contact form with name "Test" and email "[email protected]", then submit

Example: Extract Structured Data

Use Bits to scrape the product listings from example-store.com/products and return them as JSON with name, price, and URL fields

Capabilities

Navigate — Go to URLs, handle redirects
Read pages — Extract text, get page layouts, take screenshots
Interact — Click elements, fill inputs, press keys
Handle auth — OAuth popups, login forms, 2FA (with stored credentials)
Multi-window — Switch between tabs/popups
Structured output — Return data in specific JSON schemas

Creating Workflows (Optional)

For repeated tasks, create a workflow in the Bits web app:

Go to app.usebits.com → Workflows
Create a workflow with a definition (instructions for the agent)
Optionally add an output schema for structured responses
Run via API: POST /workflows/{id}/runs

Troubleshooting

"API key invalid" — Check your key starts with bb_ and is copied correctly.

Slow startup — First run downloads the MCP package via npx. Subsequent runs are faster.

Task stuck — Browser automation can hit CAPTCHAs or unexpected modals. Check the live view URL in the response.

Links

Web app: app.usebits.com
API docs: api.usebits.com/openapi.json

Usage Guidance

Summary of what to check before installing: - Verify the service and package: confirm app.usebits.com is the legitimate Bits service and inspect the npm package 'usebits-mcp' (owner, version, recent activity, tarball contents) before running npx. Prefer a pinned version and checksum rather than blind 'npx -y'. - Expect remote execution and data transfer: browser automation will send page contents and form values to the Bits service/sandbox. Do not automate pages that contain secrets or highly sensitive personal data unless you trust the service and understand its data-handling policies. - API key scope and storage: the SKILL.md requires a BITS_API_KEY but the registry metadata doesn't declare it—treat this as required. Use limited-scope or ephemeral API keys if possible, and avoid putting long-lived sensitive credentials into global agent config if you can scope them. - Configuration changes: the instructions edit your MCP config (~/.openclaw/openclaw.json or ~/.claude.json). Back up that file before modifying it and verify the exact JSON you add. - Privacy and 3rd-party credentials: the skill mentions handling OAuth/2FA and stored credentials — confirm where those credentials are stored, how long they are retained, and whether the Bits provider can access them. - If you need higher assurance: request the skill owner/source information, a homepage or repository, and a pinned npm package version or release tarball you can audit. Without that, treat this integration as requiring moderate trust.

Capability Analysis

Type: OpenClaw Skill Name: bits Version: 1.0.0 The skill bundle is classified as suspicious primarily due to its reliance on `npx -y usebits-mcp` as specified in `SKILL.md`. This command instructs the AI agent to download and execute an external npm package (`usebits-mcp`) without user confirmation (`-y`), introducing a supply chain risk. While the stated purpose of browser automation (web scraping, form filling) plausibly requires such an external server, the dynamic execution of unvetted third-party code is a significant security concern. The `SKILL.md` itself does not contain malicious prompt injection attempts or instructions for data exfiltration or persistence.

Capability Assessment

ℹ Purpose & Capability

The SKILL.md describes a browser-automation MCP integration (navigate, click, fill forms, handle OAuth/2FA) which matches the skill name and description. However the registry metadata lists no source/homepage and declares no required env vars while the runtime instructions explicitly require a BITS_API_KEY and editing the agent MCP config. The missing metadata (source/homepage) and undeclared API key are inconsistent with the stated purpose.

⚠ Instruction Scope

The instructions tell the agent/operator to obtain an API key from app.usebits.com and add it as BITS_API_KEY to the MCP config (~/.openclaw/openclaw.json or ~/.claude.json). They also direct the agent to use an npx-installed 'usebits-mcp' package to run TypeScript in Bits' sandbox. This gives a remote service the ability to execute automation against websites and receive page contents (including any credentials or PII encountered), which is functionally necessary for browser automation but is a broad scope that should be explicit in metadata and trust decisions. The SKILL.md does not explicitly call out privacy/exfiltration risks of sending page content to Bits.

ℹ Install Mechanism

There is no formal install spec, but the runtime steps rely on 'npx -y usebits-mcp' which will download and execute code from the npm registry at first run. This is a common pattern but has higher risk than pure instruction-only skills because arbitrary remote code can be pulled and executed. The absence of a pinned package version, checksum, or authoritative source/homepage increases the risk.

⚠ Credentials

The skill metadata declares no required environment variables, yet SKILL.md instructs adding BITS_API_KEY (starts with 'bb_') to the MCP server env. That mismatch is a clear inconsistency. Additionally, the feature set mentions handling OAuth and stored credentials — implying user credentials or sensitive tokens may be uploaded/stored on the Bits platform. These credential flows are plausible for the described capability but deserve explicit declaration and justification in the metadata.

ℹ Persistence & Privilege

always:false (normal) and no requests to modify other skills are present. The instructions do require writing an MCP config entry (~/.openclaw/openclaw.json or ~/.claude.json), which is expected for adding a new MCP server. This is normal but the user should consciously permit editing their agent configuration.

Version History

v1.0.0

- Initial release of Bits MCP skill for browser automation. - Enables web scraping, form filling, data extraction, and browser-based automation via the Bits MCP server. - Provides setup instructions for API key creation and MCP server integration. - Supports TypeScript SDK execution in a sandboxed environment with code docs search. - Lists use cases: navigating sites, extracting data, reading pages, interacting with web elements, handling authentication, multi-window control, and structured JSON output. - Includes troubleshooting tips and workflow creation guidance.

Metadata

Slug bits

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Bits Browser Automation?

Control browser automation agents via the Bits MCP server. Use when running web scraping, form filling, data extraction, or any browser-based automation task. Bits agents can navigate websites, click elements, fill forms, handle OAuth flows, and extract structured data. It is an AI Agent Skill for Claude Code / OpenClaw, with 2127 downloads so far.

How do I install Bits Browser Automation?

Run "/install bits" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bits Browser Automation free?

Yes, Bits Browser Automation is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Bits Browser Automation support?

Bits Browser Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bits Browser Automation?

It is built and maintained by Robbie Thompson (@robbiethompson18); the current version is v1.0.0.

More Skills

Bits Browser Automation