功能描述

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with w...

使用说明 (SKILL.md)

注意事项

自动安装： 已预装 agent-browser 和 Chromium, 能直接使用，默认headless模式。

进程清理：使用完毕后，清理残留进程
```
pkill -f chromium
```
Session 隔离：多任务使用 --session 避免冲突
Profile 持久化：需要保存登录状态时使用 --profile
Ref 有效期：页面刷新后 refs 失效，需要重新 snapshot
资源释放：长时间运行后记得 close 关闭浏览器

Browser Automation with agent-browser

Name: Agb
Author: cecwap

Quick start

agent-browser open \x3Curl>        # Navigate to page
agent-browser snapshot -i       # Get interactive elements with refs
agent-browser click @e1         # Click element by ref
agent-browser fill @e2 "text"   # Fill input by ref
agent-browser close             # Close browser

Core workflow

Navigate: agent-browser open \x3Curl>
Snapshot: agent-browser snapshot -i (returns elements with refs like @e1, @e2)
Interact using refs from the snapshot
Re-snapshot after navigation or significant DOM changes

Commands

Navigation

agent-browser open \x3Curl>      # Navigate to URL (aliases: goto, navigate)
                              # Supports: https://, http://, file://, about:, data://
                              # Auto-prepends https:// if no protocol given
agent-browser back            # Go back
agent-browser forward         # Go forward
agent-browser reload          # Reload page
agent-browser close           # Close browser (aliases: quit, exit)
agent-browser connect 9222    # Connect to browser via CDP port

Snapshot (page analysis)

agent-browser snapshot            # Full accessibility tree
agent-browser snapshot -i         # Interactive elements only (recommended)
agent-browser snapshot -c         # Compact output
agent-browser snapshot -d 3       # Limit depth to 3
agent-browser snapshot -s "#main" # Scope to CSS selector

Interactions (use @refs from snapshot)

agent-browser click @e1           # Click
agent-browser dblclick @e1        # Double-click
agent-browser focus @e1           # Focus element
agent-browser fill @e2 "text"     # Clear and type
agent-browser type @e2 "text"     # Type without clearing
agent-browser press Enter         # Press key (alias: key)
agent-browser press Control+a     # Key combination
agent-browser keydown Shift       # Hold key down
agent-browser keyup Shift         # Release key
agent-browser hover @e1           # Hover
agent-browser check @e1           # Check checkbox
agent-browser uncheck @e1         # Uncheck checkbox
agent-browser select @e1 "value"  # Select dropdown option
agent-browser select @e1 "a" "b"  # Select multiple options
agent-browser scroll down 500     # Scroll page (default: down 300px)
agent-browser scrollintoview @e1  # Scroll element into view (alias: scrollinto)
agent-browser drag @e1 @e2        # Drag and drop
agent-browser upload @e1 file.pdf # Upload files

Get information

agent-browser get text @e1        # Get element text
agent-browser get html @e1        # Get innerHTML
agent-browser get value @e1       # Get input value
agent-browser get attr @e1 href   # Get attribute
agent-browser get title           # Get page title
agent-browser get url             # Get current URL
agent-browser get count ".item"   # Count matching elements
agent-browser get box @e1         # Get bounding box
agent-browser get styles @e1      # Get computed styles (font, color, bg, etc.)

Check state

agent-browser is visible @e1      # Check if visible
agent-browser is enabled @e1      # Check if enabled
agent-browser is checked @e1      # Check if checked

Screenshots & PDF

agent-browser screenshot          # Save to a temporary directory
agent-browser screenshot path.png # Save to a specific path
agent-browser screenshot --full   # Full page
agent-browser pdf output.pdf      # Save as PDF

Video recording

agent-browser record start ./demo.webm    # Start recording (uses current URL + state)
agent-browser click @e1                   # Perform actions
agent-browser record stop                 # Stop and save video
agent-browser record restart ./take2.webm # Stop current + start new recording

Recording creates a fresh context but preserves cookies/storage from your session. If no URL is provided, it automatically returns to your current page. For smooth demos, explore first, then start recording.

Wait

agent-browser wait @e1                     # Wait for element
agent-browser wait 2000                    # Wait milliseconds
agent-browser wait --text "Success"        # Wait for text (or -t)
agent-browser wait --url "**/dashboard"    # Wait for URL pattern (or -u)
agent-browser wait --load networkidle      # Wait for network idle (or -l)
agent-browser wait --fn "window.ready"     # Wait for JS condition (or -f)

Mouse control

agent-browser mouse move 100 200      # Move mouse
agent-browser mouse down left         # Press button
agent-browser mouse up left           # Release button
agent-browser mouse wheel 100         # Scroll wheel

Semantic locators (alternative to refs)

agent-browser find role button click --name "Submit"
agent-browser find text "Sign In" click
agent-browser find text "Sign In" click --exact      # Exact match only
agent-browser find label "Email" fill "[email protected]"
agent-browser find placeholder "Search" type "query"
agent-browser find alt "Logo" click
agent-browser find title "Close" click
agent-browser find testid "submit-btn" click
agent-browser find first ".item" click
agent-browser find last ".item" click
agent-browser find nth 2 "a" hover

Browser settings

agent-browser set viewport 1920 1080          # Set viewport size
agent-browser set device "iPhone 14"          # Emulate device
agent-browser set geo 37.7749 -122.4194       # Set geolocation (alias: geolocation)
agent-browser set offline on                  # Toggle offline mode
agent-browser set headers '{"X-Key":"v"}'     # Extra HTTP headers
agent-browser set credentials user pass       # HTTP basic auth (alias: auth)
agent-browser set media dark                  # Emulate color scheme
agent-browser set media light reduced-motion  # Light mode + reduced motion

Cookies & Storage

agent-browser cookies                     # Get all cookies
agent-browser cookies set name value      # Set cookie
agent-browser cookies clear               # Clear cookies
agent-browser storage local               # Get all localStorage
agent-browser storage local key           # Get specific key
agent-browser storage local set k v       # Set value
agent-browser storage local clear         # Clear all

Network

agent-browser network route \x3Curl>              # Intercept requests
agent-browser network route \x3Curl> --abort      # Block requests
agent-browser network route \x3Curl> --body '{}'  # Mock response
agent-browser network unroute [url]            # Remove routes
agent-browser network requests                 # View tracked requests
agent-browser network requests --filter api    # Filter requests

Tabs & Windows

agent-browser tab                 # List tabs
agent-browser tab new [url]       # New tab
agent-browser tab 2               # Switch to tab by index
agent-browser tab close           # Close current tab
agent-browser tab close 2         # Close tab by index
agent-browser window new          # New window

Frames

agent-browser frame "#iframe"     # Switch to iframe
agent-browser frame main          # Back to main frame

Dialogs

agent-browser dialog accept [text]  # Accept dialog
agent-browser dialog dismiss        # Dismiss dialog

JavaScript

agent-browser eval "document.title"   # Run JavaScript

Global options

agent-browser --session \x3Cname> ...    # Isolated browser session
agent-browser --json ...              # JSON output for parsing
agent-browser --headed ...            # Show browser window (not headless)
agent-browser --full ...              # Full page screenshot (-f)
agent-browser --cdp \x3Cport> ...        # Connect via Chrome DevTools Protocol
agent-browser -p \x3Cprovider> ...       # Cloud browser provider (--provider)
agent-browser --proxy \x3Curl> ...       # Use proxy server
agent-browser --headers \x3Cjson> ...    # HTTP headers scoped to URL's origin
agent-browser --executable-path \x3Cp>   # Custom browser executable
agent-browser --extension \x3Cpath> ...  # Load browser extension (repeatable)
agent-browser --help                  # Show help (-h)
agent-browser --version               # Show version (-V)
agent-browser \x3Ccommand> --help        # Show detailed help for a command

Proxy support

agent-browser --proxy http://proxy.com:8080 open example.com
agent-browser --proxy http://user:[email protected]:8080 open example.com
agent-browser --proxy socks5://proxy.com:1080 open example.com

Environment variables

AGENT_BROWSER_SESSION="mysession"            # Default session name
AGENT_BROWSER_EXECUTABLE_PATH="/path/chrome" # Custom browser path
AGENT_BROWSER_EXTENSIONS="/ext1,/ext2"       # Comma-separated extension paths
AGENT_BROWSER_PROVIDER="your-cloud-browser-provider"  # Cloud browser provider (select browseruse or browserbase)
AGENT_BROWSER_STREAM_PORT="9223"             # WebSocket streaming port
AGENT_BROWSER_HOME="/path/to/agent-browser"  # Custom install location (for daemon.js)

Example: Form submission

agent-browser open https://example.com/form
agent-browser snapshot -i
# Output shows: textbox "Email" [ref=e1], textbox "Password" [ref=e2], button "Submit" [ref=e3]

agent-browser fill @e1 "[email protected]"
agent-browser fill @e2 "password123"
agent-browser click @e3
agent-browser wait --load networkidle
agent-browser snapshot -i  # Check result

Example: Authentication with saved state

# Login once
agent-browser open https://app.example.com/login
agent-browser snapshot -i
agent-browser fill @e1 "username"
agent-browser fill @e2 "password"
agent-browser click @e3
agent-browser wait --url "**/dashboard"
agent-browser state save auth.json

# Later sessions: load saved state
agent-browser state load auth.json
agent-browser open https://app.example.com/dashboard

Sessions (parallel browsers)

agent-browser --session test1 open site-a.com
agent-browser --session test2 open site-b.com
agent-browser session list

JSON output (for parsing)

Add --json for machine-readable output:

agent-browser snapshot -i --json
agent-browser get text @e1 --json

Debugging

agent-browser --headed open example.com   # Show browser window
agent-browser --cdp 9222 snapshot         # Connect via CDP port
agent-browser connect 9222                # Alternative: connect command
agent-browser console                     # View console messages
agent-browser console --clear             # Clear console
agent-browser errors                      # View page errors
agent-browser errors --clear              # Clear errors
agent-browser highlight @e1               # Highlight element
agent-browser trace start                 # Start recording trace
agent-browser trace stop trace.zip        # Stop and save trace
agent-browser record start ./debug.webm   # Record video from current page
agent-browser record stop                 # Save recording

Deep-dive documentation

For detailed patterns and best practices, see:

Reference	Description
references/snapshot-refs.md	Ref lifecycle, invalidation rules, troubleshooting
references/session-management.md	Parallel sessions, state persistence, concurrent scraping
references/authentication.md	Login flows, OAuth, 2FA handling, state reuse
references/video-recording.md	Recording workflows for debugging and documentation
references/proxy-support.md	Proxy configuration, geo-testing, rotating proxies

Ready-to-use templates

Executable workflow scripts for common patterns:

Template	Description
templates/form-automation.sh	Form filling with validation
templates/authenticated-session.sh	Login once, reuse state
templates/capture-workflow.sh	Content extraction with screenshots

Usage:

./templates/form-automation.sh https://example.com/form
./templates/authenticated-session.sh https://app.example.com/login
./templates/capture-workflow.sh https://example.com ./output

HTTPS Certificate Errors

For sites with self-signed or invalid certificates:

agent-browser open https://localhost:8443 --ignore-https-errors

安全使用建议

This skill appears to do what it says (automated browser interactions), but review these before installing: 1) The index.js calls a hardcoded binary path (/root/.local/bin/agent-browser) — confirm the expected agent-browser binary is present and trusted in your environment to avoid a replaced binary being executed. 2) The tool encourages saving session state files (auth-state.json) and using environment variables for credentials; treat those files and env vars as secrets, never commit them to source control, and remove them when done. 3) Proxy examples show credentials in proxy URLs — avoid embedding secrets in URLs or logs; prefer secure storage and runtime injection of credentials. 4) The scripts call pkill -f chromium and recommend ignoring HTTPS errors in some debugging examples — be cautious running these commands in multi-tenant or production environments. 5) Because the skill automates login flows and can replay sessions, only use it with accounts and sites you control or for which you have permission. If you need higher assurance, ask the author for: (a) confirmation of the expected agent-browser binary path on your platform, (b) a signed/official release link for agent-browser, and (c) a minimal example run that shows no unexpected network endpoints or exfiltration.

功能分析

Type: OpenClaw Skill Name: agb Version: 1.0.0 The skill bundle is classified as suspicious due to its direct exposure of highly privileged browser automation capabilities without adequate input sanitization. The `index.js` wrapper passes user-supplied arguments directly to the `agent-browser` binary, which, as documented in `SKILL.md` and `references/*.md`, supports features like arbitrary JavaScript execution (`eval`), loading custom browser executables (`--executable-path`) or extensions (`--extension`), arbitrary file write (screenshots, PDFs, video recordings, session state), network proxy configuration, and bypassing HTTPS errors. This lack of sanitization, combined with the `allowed-tools: Bash(agent-browser:*)` directive, creates a significant prompt injection vulnerability, enabling an AI agent to be instructed to perform actions such as arbitrary code execution, data exfiltration, or installing malicious components, despite the stated purpose being legitimate browser automation.

能力评估

✓ Purpose & Capability

Name/description, CLI usage in SKILL.md, templates, and index.js all implement browser automation (navigation, snapshots, interactions, screenshots, session management). The files present are coherent with the claimed capability.

ℹ Instruction Scope

SKILL.md and templates instruct saving/loading session state, using environment variables for credentials, proxy configuration, recording video, and cleaning up Chromium processes. Those actions are expected for a browser-automation tool, but they give the agent the ability to store and replay authentication tokens and to route traffic through proxies — both legitimate for the purpose but sensitive. The documentation also suggests embedding proxy credentials in URLs and using saved state files that contain session tokens; the user should treat these artifacts as sensitive.

✓ Install Mechanism

There is no install spec (instruction-only behavior) and no remote download. Code files are bundled but nothing in the manifest attempts to fetch or extract external archives. This is lower install risk.

ℹ Credentials

The manifest declares no required environment variables, but the documentation and templates reference environment variables (e.g., APP_USERNAME, APP_PASSWORD, HTTP_PROXY/HTTPS_PROXY/ALL_PROXY). That mismatch is not necessarily malicious, but you should be aware the skill expects/encourages use of env vars and may direct users to place credentials into envs or proxy URLs (the latter can expose secrets in process lists or logs).

✓ Persistence & Privilege

always:false and default invocation settings are used. The skill does not request permanent platform presence or modify other skills. It does read and write local state files (auth-state.json, saved recordings) which is normal for session reuse but are sensitive artifacts you must protect.

版本历史

v1.0.0

Initial release: agent-browser browser automation skill - Automates browser actions for web testing, form filling, screenshots, and data extraction. - Comprehensive command set for navigation, interaction, data retrieval, screenshots, PDF/video export, and session management. - Supports semantic element location, browser/device emulation, cookies/storage, network interception, multi-tab/window, frames, and dialog control. - Includes best practices for process cleanup, session isolation, and resource management.

元数据

Slug agb

版本 1.0.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 1

常见问题

Agb 是什么？

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 414 次。

如何安装 Agb？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install agb」即可一键安装，无需额外配置。

Agb 是免费的吗？

是的，Agb 完全免费（开源免费），可自由下载、安装和使用。

Agb 支持哪些平台？

Agb 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Agb？

由 cecwap（@cecwap）开发并维护，当前版本 v1.0.0。

Agb