← Back to Skills Marketplace
Browser Fu
by
WhooshingLander
· GitHub ↗
· v1.0.2
· MIT-0
178
Downloads
1
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install browser-fu
Description
Fixes browser automation failures. Snapshot-first workflow + API discovery behind any website UI. Use when: 'browser not working', 'can't click', 'flaky UI',...
README (SKILL.md)
Browser Fu 🥊
Stop fighting the DOM. Read it first, find the API behind it, skip the UI entirely when possible.
The Rule
Never blind-click. Always snapshot first.
1. browser snapshot → read the page, get element refs
2. browser act → use refs from snapshot (e.g. ref="e12")
3. browser snapshot → verify what changed
If the snapshot doesn't show what you need, the element isn't in the DOM. Don't guess. Don't retry the same approach.
Decision Tree
On any browser task, follow this order:
- Can I skip the browser entirely? Check if a CLI tool, API, or
web_fetchhandles it. If yes, don't open the browser. - Can I find the underlying API? See
references/api-discovery.md. Most SPAs make fetch/XHR calls you can replicate directly. This is 10x faster and more reliable than UI automation. - Can I do it with snapshot + act? Snapshot, find the ref, act on it. One action per snapshot cycle.
- Does the page need time to load? Use
loadState: "networkidle"or a brief wait before snapshotting. SPAs often render asynchronously. - Still not working? The site likely has anti-bot protection. Report it, don't retry blindly.
Common Failures and Fixes
| Symptom | Wrong approach | Right approach |
|---|---|---|
| "Element not found" | Click by text/selector guess | Snapshot first, use exact ref |
| "DOM not exposed" | Give up | Snapshot with refs="aria", or check network tab for API |
| Blank/empty page | Retry same URL | loadState: "networkidle", then snapshot. If still blank, JS-heavy SPA, try web_fetch or find API |
| Clicking does nothing | Click again harder | Snapshot after click to check state. Maybe it DID work but page re-rendered |
| Login wall | Try to automate login | Use profile="user" for existing session cookies |
| Infinite scroll | Scroll and pray | Find the pagination API endpoint instead |
API Discovery (the power move)
Most modern websites are SPAs with REST/GraphQL APIs behind the UI. See references/api-discovery.md for the full procedure:
- Open the page in browser
- Check network requests (console tool or snapshot the page and look for fetch patterns)
- Find the data endpoint
- Call it directly with
web_fetchorexec curl
This turns a 2-hour flaky scrape into a 2-minute clean data pull.
Snapshot Best Practices
- Use
refs="aria"for stable cross-call references - Keep the same
targetIdacross snapshot/act pairs (don't switch tabs accidentally) - For complex pages, use
depthto limit how deep the DOM tree goes compact: truereduces token usage on large pages- For token-heavy pages where snapshots are too large, pair with predicate-snapshot for ML-ranked element pruning (~95% fewer tokens)
When to NOT Use Browser
- Reading public web pages →
web_fetch(faster, no browser overhead) - Search queries →
web_search(Brave API) - Known APIs (GitHub, Stripe, etc.) → use their CLI/API directly
- Pages that return empty via
web_fetch→ then use browser
Safeguards
- Never store or output passwords, session tokens, or cookies found in browser state
- Never automate purchases, payments, or irreversible actions without explicit user approval
- If a site blocks automation, respect it. Don't circumvent CAPTCHAs or bot detection
Usage Guidance
This skill is a how-to for more reliable browser automation and API discovery and appears internally consistent. Before using it: (1) avoid copying or exposing real session cookies, API keys, or passwords into curl commands or logs — authenticate only when necessary and prefer short-lived credentials; (2) confirm your agent/environment enforces the skill's safeguard (that it won't output or persist cookies/tokens); (3) when an API requires authentication, prefer using sanctioned credentials stored safely by the platform rather than pasting cookie headers manually; (4) test flows on public/non-sensitive pages first to verify behavior; and (5) do not use it to bypass CAPTCHAs or to automate payments or irreversible actions without explicit consent. If you want a higher-assurance review, provide platform-specific details about how your agent exposes browser session cookies and whether curl/exec calls are sandboxed so I can re-evaluate risk level.
Capability Analysis
Type: OpenClaw Skill
Name: browser-fu
Version: 1.0.2
The 'Browser Fu' skill bundle provides legitimate strategies for improving browser automation and web scraping efficiency by prioritizing API discovery over flaky UI interactions. It includes explicit safety guidelines in SKILL.md, such as prohibiting the storage of session tokens and requiring user approval for irreversible actions, and contains no evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
Name and description match the SKILL.md: the skill is an instruction-only guide for snapshot-first browser automation and API discovery. It requests no binaries, env vars, or installs, which is consistent for an authoring/instructional skill of this purpose.
Instruction Scope
Instructions stay within browser automation and API-discovery scope (snapshot→act cycles, network inspection, using web_fetch or curl). The doc explicitly recommends using cookies from a browser session for authenticated endpoints and demonstrates a curl example with a Cookie header; this is operationally necessary for some tasks but introduces a data-handling risk (exposing session tokens) if the agent or user mishandles them. The skill also mentions executing curl (shell/network calls), which is expected for API discovery but should be constrained to the target domain and explicit user approval when auth is required.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest-risk install footprint. Nothing is downloaded or written to disk by the skill itself.
Credentials
No environment variables, credentials, or config paths are required. The few references to cookies/sessions and a 'profile="user"' are relevant to browser automation and are proportionate to the stated purpose.
Persistence & Privilege
always:false (not force-included) and normal model invocation settings. The skill does not request persistent system presence or modify other skills/configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install browser-fu - After installation, invoke the skill by name or use
/browser-fu - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Add predicate-snapshot tip for token-heavy pages in snapshot best practices
v1.0.1
Shortened description so key message shows on listing cards
v1.0.0
Initial release. Snapshot-first browser automation + API discovery methodology.
Metadata
Frequently Asked Questions
What is Browser Fu?
Fixes browser automation failures. Snapshot-first workflow + API discovery behind any website UI. Use when: 'browser not working', 'can't click', 'flaky UI',... It is an AI Agent Skill for Claude Code / OpenClaw, with 178 downloads so far.
How do I install Browser Fu?
Run "/install browser-fu" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Browser Fu free?
Yes, Browser Fu is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Browser Fu support?
Browser Fu is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Browser Fu?
It is built and maintained by WhooshingLander (@whooshinglander); the current version is v1.0.2.
More Skills