← Back to Skills Marketplace
bodafu

Browser Automation V2

by Boda Fu · GitHub ↗ · v2.0.0
cross-platform ⚠ suspicious
2733
Downloads
1
Stars
11
Active Installs
1
Versions
Install in OpenClaw
/install browser-automation-v2
Description
Enterprise-grade browser automation with automatic tab cleanup, timeout retries, concurrency lock, smart waiting, and configurable environment settings.
README (SKILL.md)

Browser Automation v2

Enterprise-grade browser automation for OpenClaw with robust resource management.

Features

  • Automatic tab cleanup - No more tab accumulation
  • Timeout & retry - Exponential backoff on network errors
  • Smart waiting - waitForLoadState, waitForSelector
  • Concurrency lock - Prevents profile conflicts
  • Structured logging - DEBUG=1 for verbose output
  • Configurable - Environment variables for timeout, retries, profile

Files

  • browser-manager.v2.js - Core manager class
  • search-google.js - Google search with screenshot + PDF
  • fetch-summary.js - Fetch page content (static or dynamic)
  • multi-pages.js - Batch process multiple URLs
  • fill-form.js - Auto-fill forms by field names

Usage

# Set environment (optional)
export BROWSER_PROFILE=openclaw
export BROWSER_TIMEOUT=30000
export BROWSER_RETRIES=2
export DEBUG=1

cd ~/.openclaw/workspace/skills/browser-automation-v2

# Search Google
node search-google.js "OpenClaw automation"

# Batch process
node multi-pages.js "https://example.com" "https://github.com"

# Fill form
node fill-form.js "https://example.com/form" '{"email":"[email protected]"}'

Integration

Register as OpenClaw skill:

openclaw skills install ~/.openclaw/workspace/skills/browser-automation-v2

Or call directly from agent:

run search-google.js "query"

Requirements

  • OpenClaw v2026.2.15+
  • Browser profile configured (default: openclaw)
  • Gateway running

Troubleshooting

  • Timeout errors: Increase BROWSER_TIMEOUT
  • Profile locked: Wait for other instance to finish
  • Element not found: Use snapshot --format ai to debug refs

Created: 2026-02-16 Version: 2.0.0 License: MIT

Usage Guidance
This skill appears to do what it says, but exercise caution before installing or running it on sensitive systems. Key concerns and recommendations: - Command-injection risk: the code builds shell commands with user-controlled values (URLs and form values) and calls child_process.exec. If you pass untrusted input, an attacker could inject shell operators. Prefer running these scripts only with trusted inputs, review and/or modify the code to use execFile/spawn with argument arrays or properly escape inputs. - Run in isolation: test in a contained environment (dedicated VM/container, limited privileges) and avoid running with sensitive environment variables or on production hosts until you audit it. - Audit the OpenClaw CLI: the scripts rely entirely on the local `openclaw` CLI/gateway — ensure that binary is from a trusted source and behaves safely when given arguments. - Small bugs: there are minor implementation issues (e.g., fallbackToBrowser references exec without a local import) — expect some rough edges. If you need lower risk, ask the author to sanitize/escape all external inputs before interpolation (or switch to spawn/execFile with args arrays) and to add input-validation and explicit warnings in the SKILL.md. If you cannot audit/modify the code, avoid running it with untrusted inputs or on systems with sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: browser-automation-v2 Version: 2.0.0 The skill bundle is highly suspicious due to multiple shell injection vulnerabilities across all JavaScript files. The core `browser-manager.v2.js` module uses `child_process.exec` to run `openclaw browser` commands, directly interpolating user-controlled inputs (such as URLs, search keywords, and form field values) into shell command strings without sufficient sanitization. This allows an attacker to inject arbitrary shell commands, leading to potential remote code execution. While the stated purpose of browser automation is benign, the lack of input sanitization creates a critical vulnerability that could be exploited for malicious purposes.
Capability Assessment
Purpose & Capability
Name/description match the code: the files implement an OpenClaw CLI-driven browser manager and helpers (search, fetch, multi-page, form fill). No unrelated credentials or services are requested.
Instruction Scope
Runtime instructions and scripts call the OpenClaw CLI to control a browser (expected). However many commands are built by interpolating user-supplied data (URLs, JSON field values, refs) into shell command strings passed to exec — this can allow shell/command injection if inputs are untrusted. The SKILL.md suggests running the scripts directly and setting env vars but does not warn about sanitizing inputs.
Install Mechanism
No install/download step; the skill is instruction+code only. Nothing is fetched from external URLs or installed automatically.
Credentials
The skill declares no required secrets or config paths. It uses optional environment variables for profile/timeout/retries which are proportional to a browser automation tool.
Persistence & Privilege
always is false, the skill doesn't request permanent platform-level presence or modify other skills. It writes lock files under /tmp for concurrency control (expected).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install browser-automation-v2
  3. After installation, invoke the skill by name or use /browser-automation-v2
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Initial release: enterprise-grade browser automation with auto-cleanup, timeout/retry, smart waiting, concurrency lock
Metadata
Slug browser-automation-v2
Version 2.0.0
License
All-time Installs 12
Active Installs 11
Total Versions 1
Frequently Asked Questions

What is Browser Automation V2?

Enterprise-grade browser automation with automatic tab cleanup, timeout retries, concurrency lock, smart waiting, and configurable environment settings. It is an AI Agent Skill for Claude Code / OpenClaw, with 2733 downloads so far.

How do I install Browser Automation V2?

Run "/install browser-automation-v2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Browser Automation V2 free?

Yes, Browser Automation V2 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Browser Automation V2 support?

Browser Automation V2 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Browser Automation V2?

It is built and maintained by Boda Fu (@bodafu); the current version is v2.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments