功能描述

Anti-detection web browsing that bypasses bot detection, CAPTCHAs, and IP blocks using puppeteer-extra with stealth plugin and optional residential proxy sup...

使用说明 (SKILL.md)

Stealth Browser

Name: B0tresch Stealth Browser
Author: b0tresch

Bypass bot detection and IP blocks with puppeteer-extra stealth plugin and optional Smartproxy residential proxy support.

When to Use

Websites blocking headless browsers or datacenter IPs
Cloudflare/Vercel protection bypassing
Sites detecting automation (Reddit, Twitter/X, signup flows, faucets)
Protected content scraping
Web automation requiring human-like behavior

Tested Working On

✅ Relay.link (was blocked by Vercel, now works) ✅ X/Twitter profiles ✅ Bot detection tests (sannysoft.com) ✅ Faucet sites with protection ✅ Reddit (datacenter IP blocks)

Quick Start

# Basic usage (stealth only)
node scripts/browser.js "https://example.com"

# With residential proxy (bypasses IP blocks)
node scripts/browser.js "https://example.com" --proxy

# Screenshot
node scripts/browser.js "https://example.com" --proxy --screenshot output.png

# Get HTML content
node scripts/browser.js "https://example.com" --proxy --html

# Get text content
node scripts/browser.js "https://example.com" --proxy --text

Setup

1. Install Dependencies

cd /path/to/skill
npm install

Required packages (automatically handled by npm install with included package.json):

puppeteer-extra
puppeteer-extra-plugin-stealth
puppeteer

2. Configure Proxy (Optional but Recommended)

For bypassing IP-based blocks, set up Smartproxy residential proxy:

Create ~/.config/smartproxy/proxy.json:

{
  "host": "proxy.smartproxy.net",
  "port": "3120",
  "username": "smart-ppz3iii4l2qr_area-US_life-30_session-xxxxx",
  "password": "your-password"
}

Get credentials from Smartproxy dashboard: https://dashboard.smartproxy.com

Smartproxy session parameters:

_area-US → Use US residential IPs
_life-30 → Session lasts 30 minutes
_session-xxxxx → Sticky session (same IP for duration)

Without proxy, the browser still uses stealth plugin to avoid detection, but may be blocked by IP-based protection.

How It Works

Stealth Features

The browser includes multiple anti-detection measures:

puppeteer-extra-plugin-stealth: Automatically applies all stealth evasions
- Removes navigator.webdriver flag
- Spoofs Chrome user agent and headers
- Fakes plugins, languages, permissions
- Removes automation signatures
Human-like behaviors:
- Realistic viewport (1920x1080)
- Updated user agent (Chrome 121)
- Natural browser properties
- No automation control flags
Residential proxy (when --proxy used):
- Routes through residential IPs
- Bypasses datacenter IP blocks
- Sticky sessions (same IP per session)
- Geographic targeting (US by default)

Detection Bypass Comparison

Protection	Headless Puppeteer	Stealth Plugin	+ Residential Proxy
navigator.webdriver	❌ Detected	✅ Hidden	✅ Hidden
User Agent	❌ Generic	✅ Realistic	✅ Realistic
WebGL/Canvas	❌ Headless	✅ Spoofed	✅ Spoofed
IP Blocks	❌ Datacenter	❌ Datacenter	✅ Residential
Cloudflare	❌ Blocked	⚠️ Sometimes	✅ Usually works
Turnstile CAPTCHA	❌ Blocked	❌ Blocked	⚠️ Reduced chance

Usage Examples

Example 1: Check if Site Detects Automation

# Test on bot detection site
node scripts/browser.js "https://bot.sannysoft.com" --screenshot detection.png

Look for green checkmarks = undetected, red = detected.

Example 2: Scrape Protected Page

# Get page text content
node scripts/browser.js "https://protected-site.com" --proxy --text > output.txt

Example 3: Monitor Site Changes

# Take daily screenshot for comparison
node scripts/browser.js "https://target-site.com" --proxy --screenshot "$(date +%Y-%m-%d).png"

Example 4: Extract Structured Data

import { browse } from './scripts/browser.js';

const result = await browse('https://example.com', {
  proxy: true,
  html: true
});

// Parse result.html with cheerio or similar
console.log(result.html);

Proxy Cost Considerations

Smartproxy residential pricing:

~$7.50/GB of traffic
Average page load: 1-3 MB
Rough cost: $0.01-0.03 per page

When to use proxy:

Site explicitly blocks datacenter IPs (Reddit, some faucets)
Cloudflare/Vercel protection detected
Multiple requests from same IP getting rate-limited
Geographic targeting needed (US vs international)

When stealth-only is enough:

Site only checks for automation signatures, not IP
Low-value scraping where IP blocks are acceptable
Testing/development (proxy costs add up)

Troubleshooting

Browser Launch Fails

Error: Failed to launch the browser process

Solution: Install required system dependencies:

# Debian/Ubuntu
sudo apt-get install -y gconf-service libasound2 libatk1.0-0 libc6 libcairo2 \
  libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 \
  libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 \
  libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 \
  libxcomposite1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 \
  libxrandr2 libxrender1 libxss1 libxtst6 ca-certificates fonts-liberation \
  libappindicator1 libnss3 lsb-release xdg-utils wget

Proxy Authentication Fails

Error: net::ERR_PROXY_AUTH_REQUESTED

Solution: Check proxy credentials in ~/.config/smartproxy/proxy.json. Verify username/password are correct in Smartproxy dashboard.

Still Getting Detected

Try these:

Update session ID in proxy username (forces new IP):

"username": "smart-ppz3iii4l2qr_area-US_life-30_session-NEW_RANDOM_STRING"

Increase wait time before interacting with page:

await page.goto(url, { waitUntil: 'networkidle2' });
await page.waitForTimeout(5000); // Wait 5s

Check detection test:

node scripts/browser.js "https://bot.sannysoft.com" --proxy --screenshot test.png

Try different geographic area (if specific region is blocked):

"username": "smart-ppz3iii4l2qr_area-GB_life-30_session-xxxxx"

Limitations

CAPTCHAs: Stealth reduces but doesn't eliminate CAPTCHA challenges. For CAPTCHA solving, combine with 2captcha service.
JavaScript fingerprinting: Advanced fingerprinting (Canvas, WebGL hash analysis) may still detect automation on highly protected sites.
Cost: Residential proxy adds per-request cost. Use strategically.
Speed: Proxy routing and stealth evasions add latency vs direct requests.

Security Notes

Capabilities: This skill is read-only — it fetches web pages, captures screenshots, and extracts text/HTML. It does not perform any financial operations, value transfers, or wallet interactions.

Authentication: Proxy credentials are used solely for routing HTTP traffic through residential IPs. They do not grant access to any financial accounts or value-bearing systems.

Proxy credentials contain sensitive auth tokens. Keep ~/.config/smartproxy/proxy.json with 600 permissions.
Never commit proxy credentials to git repositories.
Residential proxy traffic is routed through real residential IPs. Respect rate limits and terms of service.
No value-transfer risk: this tool cannot send transactions, move funds, or interact with smart contracts.

This skill appears to do exactly what it says: launch a puppeteer browser with stealth evasion and optionally use Smartproxy credentials stored in ~/.config/smartproxy/proxy.json. Before installing: (1) be aware that 'npm install' will download many packages from the public registry — inspect package-lock.json or run in an isolated environment if you worry about supply-chain risk; (2) storing proxy credentials in a plaintext file is convenient but consider file permissions or a more secure secret store; (3) using a tool that bypasses bot/CAPTCHA protections can facilitate abusive automation — ensure your use is legal and ethical; (4) visited pages may execute arbitrary JavaScript in the headless browser (the skill fetches page HTML/content and prints it), so run it in a sandboxed environment if you will visit untrusted sites.

功能分析

Type: OpenClaw Skill Name: b0tresch-stealth-browser Version: 1.1.0 The skill is classified as suspicious due to its inherent high-risk capabilities, specifically reading sensitive proxy credentials from `~/.config/smartproxy/proxy.json` and providing `sudo apt-get install` instructions in `SKILL.md` for system-level dependency installation. While these actions are necessary for the skill's stated purpose of anti-detection web browsing and proxy support, they involve access to sensitive user data and the potential for elevated privileges, which could be exploited if the agent or user is compromised or misconfigured. There is no clear evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or deceptive prompt injection attempts against the agent.

能力评估

✓ Purpose & Capability

Name/description (anti-detection browsing with stealth plugin and optional residential proxy) match the included code and SKILL.md. The repository contains puppeteer + stealth usage and optional Smartproxy proxy configuration — all expected for this functionality.

✓ Instruction Scope

SKILL.md and scripts/browser.js are consistent: they instruct npm install, optionally place Smartproxy credentials in ~/.config/smartproxy/proxy.json, and run the provided CLI or exported browse() function. The instructions do not request reading unrelated files or environment variables beyond the documented proxy config file.

ℹ Install Mechanism

There is no platform install spec; the user runs 'npm install' per SKILL.md. That will fetch puppeteer and related packages from the npm registry (package.json and package-lock.json included). This is expected but means third-party npm packages will be downloaded — review package-lock.json and run in a controlled environment if you have supply-chain concerns.

ℹ Credentials

The skill requests no environment variables or global credentials. It does read a local file (~/.config/smartproxy/proxy.json) for proxy credentials when --proxy is used. Storing proxy credentials in a plaintext config file is documented but is a potential local-secrets risk the user should be aware of.

✓ Persistence & Privilege

The skill does not request persistent/automatic inclusion (always: false) and does not modify other skills or system-wide configs. It only reads its own optional proxy config file in the user's home directory.

版本历史

v1.1.0

## b0tresch-stealth-browser 1.1.0 - Updated dependencies in package.json. - No user-facing or functional changes in this release.

v1.0.2

- Updated package.json with a new patch version (1.0.2). - No changes to core functionality or documentation.

v1.0.1

- Added _meta.json for skill metadata. - Updated SKILL.md with enhanced security notes clarifying that the skill is read-only and cannot perform value transfers or wallet actions. - Minor documentation edits to improve clarity and emphasize security best practices.

v1.0.0

Initial release: puppeteer-extra stealth + Smartproxy residential proxy support

元数据

Slug b0tresch-stealth-browser

版本 1.1.0

许可证 —

累计安装 3

当前安装数 3

历史版本数 4

常见问题

B0tresch Stealth Browser 是什么？

Anti-detection web browsing that bypasses bot detection, CAPTCHAs, and IP blocks using puppeteer-extra with stealth plugin and optional residential proxy sup... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1425 次。

如何安装 B0tresch Stealth Browser？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install b0tresch-stealth-browser」即可一键安装，无需额外配置。

B0tresch Stealth Browser 是免费的吗？

是的，B0tresch Stealth Browser 完全免费（开源免费），可自由下载、安装和使用。

B0tresch Stealth Browser 支持哪些平台？

B0tresch Stealth Browser 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 B0tresch Stealth Browser？

由 b0tresch（@b0tresch）开发并维护，当前版本 v1.1.0。

B0tresch Stealth Browser