← Back to Skills Marketplace
seanmwx

Cookie Alive Pro

by Xinhai Zou · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
139
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install cookie-alive
Description
Persist, refresh, and serve website session cookies through a local SQLite-backed cookie store. Use when Codex needs to keep authenticated cookies alive by c...
README (SKILL.md)

Session Cookie Online

Overview

Use this skill when a website session must stay alive without building a full browser-automation system.

The runtime script stores named session profiles in SQLite, replays a deterministic HTTP keepalive request, merges Set-Cookie updates back into the database, and exposes the current cookies to downstream programs.

Quick Start

  1. Pick a database name. The default is default, which resolves to ~/.cookie_alive/default.db.
  2. Capture the current cookie as either a Cookie header string or a JSON object.
  3. Store or update a named profile with python {baseDir}/scripts/cookie_alive.py upsert ....
  4. Validate the stored cookie with python {baseDir}/scripts/cookie_alive.py get --profile \x3Cprofile>.
  5. Refresh it once with python {baseDir}/scripts/cookie_alive.py refresh --profile \x3Cprofile>.
  6. Keep it alive with python {baseDir}/scripts/cookie_alive.py run --profile \x3Cprofile>.

Workflow Rules

  • Prefer a lightweight authenticated endpoint for --refresh-url, such as /ping, /me, or a low-cost page load. Avoid heavy pages when a cheaper endpoint exists.
  • Store cookies with --cookie-header when the source is browser devtools or another HTTP client. Store them with --cookie-json when the source is already structured.
  • Use get --format header when another program needs a literal Cookie header value.
  • Use get --format record or list when another program needs metadata such as interval_seconds, last_status_code, or last_refreshed_at.
  • If the target site requires JavaScript timers, WebSocket traffic, or browser-only activity to stay logged in, use external browser automation to renew the cookie and write the updated cookie back with upsert. This skill only performs deterministic HTTP requests.

Script

  • scripts/cookie_alive.py Use this CLI for profile CRUD, one-shot refreshes, and repeat keepalive loops.

References

  • references/commands.md Load this file for exact CLI shapes, storage path rules, and copy-paste examples.
Usage Guidance
This skill appears to do what it claims, but it handles highly sensitive data (session cookies). Before installing or running it: 1) Recognize that cookies stored under ~/.cookie_alive are secrets—restrict filesystem permissions, consider using a dedicated user or encrypted volume, and delete databases when no longer needed. 2) The examples include a local HTTP wrapper that defaults to 127.0.0.1 (safe) but can be bound to other interfaces—do not bind it to a public interface or network you do not control, or you will expose cookies. 3) The tool will make outbound HTTP requests to whatever refresh_url you configure—ensure those URLs are trusted and that you aren’t inadvertently sending cookies to an attacker-controlled endpoint. 4) Review/scan the included scripts before use and run in a least-privilege environment (container or separate account) if you are concerned. 5) If you need stronger protection for stored cookies, add encryption at rest or avoid persistent storage and instead keep cookies in a more secure credential store.
Capability Analysis
Type: OpenClaw Skill Name: cookie-alive Version: 1.0.0 The bundle provides a well-engineered utility for maintaining active website sessions by periodically refreshing cookies via a local SQLite store. The core script, `scripts/cookie_alive.py`, implements safe practices such as parameterized SQL queries, strict regex validation for database names to prevent path traversal, and manual handling of HTTP redirects to detect session expiry. While the bundle includes a local HTTP wrapper (`scripts/examples/http_api_wrapper.py`) that could expose cookies to other local processes, this is presented as an optional integration example. No evidence of data exfiltration, hardcoded malicious endpoints, or prompt injection was found; the tool is transparently designed for its stated purpose of session persistence.
Capability Assessment
Purpose & Capability
The name/description (persist, refresh, serve cookies) matches the included scripts: a CLI that stores profiles in SQLite under ~/.cookie_alive, performs deterministic HTTP refresh requests, merges Set-Cookie updates, and returns cookies as a header/JSON/record. No unrelated cloud credentials, binaries, or install steps are requested.
Instruction Scope
SKILL.md and references describe only cookie storage/refresh/export operations and match the code. The examples run the CLI via subprocess and provide a local HTTP wrapper that exposes routes (/pull, /check, /list). That wrapper defaults to 127.0.0.1 but can be configured to bind elsewhere — if started on a public interface it could leak cookies. The runtime also writes databases under a home path (default ~/.cookie_alive), which is expected but means sensitive data is persisted to disk.
Install Mechanism
No install spec and no external downloads. The skill is instruction/code-only and does not fetch or execute remote archives or third-party packages during installation. This minimizes install-time risk.
Credentials
The skill does not require secret environment variables or external credentials. It supports optional env overrides (COOKIE_ALIVE_HOME, SESSION_COOKIE_ONLINE_HOME, COOKIE_ALIVE_DB_NAME) which are reasonable. However, the tool persists sensitive cookie values in SQLite files under the resolved storage root; users should treat these as secrets and protect them accordingly.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It will create and update files under its own storage directory (~/.cookie_alive by default) but does not modify other skills or system-wide agent config. Autonomous invocation is allowed (platform default) but is not combined with other privilege escalations here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cookie-alive
  3. After installation, invoke the skill by name or use /cookie-alive
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Session Cookie Online skill initial release: - Persist and refresh website session cookies using a local SQLite database. - Store, update, and retrieve session profiles via a CLI script. - Keep cookies alive by replaying deterministic HTTP keepalive requests on a schedule. - Merge Set-Cookie responses into the database and expose cookies to other programs. - Support input and output as HTTP Cookie headers or structured JSON maps. - Designed for lightweight session management without browser automation.
Metadata
Slug cookie-alive
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Cookie Alive Pro?

Persist, refresh, and serve website session cookies through a local SQLite-backed cookie store. Use when Codex needs to keep authenticated cookies alive by c... It is an AI Agent Skill for Claude Code / OpenClaw, with 139 downloads so far.

How do I install Cookie Alive Pro?

Run "/install cookie-alive" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cookie Alive Pro free?

Yes, Cookie Alive Pro is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Cookie Alive Pro support?

Cookie Alive Pro is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Cookie Alive Pro?

It is built and maintained by Xinhai Zou (@seanmwx); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments