← 返回 Skills 市场

Browser Automation

Name: Browser Automation
Author: jasoncodespace

作者 Jason · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install browser-automation-skill

功能描述

Use Browser Relay when the user wants to control a real signed-in Chrome or Chromium browser through the published browser-relay-cli package and unpacked Bro...

使用说明 (SKILL.md)

Browser Relay

Use this skill when the user wants real browser control through the local Browser Relay runtime.

This skill is a thin wrapper around the published npm package:

npm package: browser-relay-cli
GitHub repo: https://github.com/jasonCodeSpace/browser-relay

Use this skill when

The user wants to control an already signed-in Chrome session
The task requires opening pages, reusing tabs, clicking, typing, hovering, scrolling, or screenshots
DOM selectors are unreliable and a screenshot-guided click is more appropriate
The user wants a local browser relay instead of a hosted browser

Do not use this skill when

The user asks to bypass CAPTCHA or anti-bot systems
The task requires stealth automation or hiding browser control
The user only needs plain web search or static scraping

Workflow

1. Make sure the runtime is available

Use npx, not a local repo path, unless the user explicitly wants development mode.

Quick checks:

npx browser-relay-cli version
npx browser-relay-cli extension-path

2. Start the relay

npx browser-relay-cli relay-start

3. Make sure the extension is loaded

Tell the user to:

Open chrome://extensions
Enable Developer mode
Click Load unpacked
Select the directory printed by npx browser-relay-cli extension-path

Then verify:

npx browser-relay-cli status

You want extensionConnected: true.

4. Operate the browser

Prefer DOM-first commands:

npx browser-relay-cli list-tabs
npx browser-relay-cli create-tab https://example.com
npx browser-relay-cli click 123456 'button'
npx browser-relay-cli type 123456 'input[name=\"q\"]' 'browser relay'
npx browser-relay-cli press 123456 Enter
npx browser-relay-cli scroll 123456 800

For DOM-hostile pages, switch to hybrid mode:

screenshot
describe-visible
click-at or click-at-norm

5. Prefer tab reuse

Reuse existing relay tabs whenever possible
Avoid opening unnecessary new tabs
Use screenshot-guided clicks only when selector-based actions are unreliable

Key commands

Read references/commands.md when you need the compact command catalog.

Safety rules

Do not instruct Browser Relay to bypass CAPTCHA or anti-bot challenges
Do not claim Browser Relay is stealthy
Do not save tokens, .env files, or local private credentials in the skill folder
Keep this skill focused on the published runtime and extension workflow

安全使用建议

This skill is coherent for local browser automation, but it works by running an external npm package (via npx) and loading an unpacked browser extension — both of which you should verify before use. Before installing/using: (1) Inspect the npm package and GitHub repo (https://github.com/jasonCodeSpace/browser-relay) or install it locally and read its code rather than blindly running npx. (2) Inspect the unpacked extension contents and its requested Chrome permissions before loading it into a profile. (3) Prefer using a disposable browser profile or a test account (not your primary signed-in account) while evaluating. (4) Be cautious with 'raw' and CDP passthrough commands: they can read page content and interact with authenticated sessions, so avoid running them on sensitive pages (banking, email, SSO) unless you trust the package and extension. (5) If possible, restrict or review autonomous invocation for this skill so it cannot operate on your signed-in browser without your explicit confirmation.

功能分析

Type: OpenClaw Skill Name: browser-automation-skill Version: 1.0.0 The skill provides high-privilege control over a user's signed-in Chrome session using the `browser-relay-cli` package via `npx`. Key risks include the ability to execute arbitrary JavaScript in the browser context via raw Chrome DevTools Protocol (CDP) commands (found in `references/commands.md`) and the requirement to load an unpacked extension, which bypasses standard browser security checks. While `SKILL.md` includes safety rules against CAPTCHA bypass, the broad access to browser data and the reliance on external npm execution make it high-risk for potential abuse or data exfiltration.

能力评估

✓ Purpose & Capability

Name and description match the runtime instructions: the skill is an instruction-only wrapper that tells the agent to use the browser-relay-cli npm package and the Browser Relay extension to control a local, signed-in Chrome/Chromium session. It does not request unrelated credentials, binaries, or config paths.

ℹ Instruction Scope

The SKILL.md stays within the stated purpose (start relay, load extension, reuse tabs, DOM-first commands, screenshot-guided fallback). However the instructions include 'raw passthrough' and CDP-style commands (e.g., Runtime.evaluate, BrowserRelay.getText) that allow reading arbitrary page content and executing arbitrary DevTools commands in the signed-in browser. That's expected for this kind of skill but is a sensitive capability: it can access private page contents and interact with authenticated sessions. The skill does not instruct any unrelated file or env var access.

✓ Install Mechanism

There is no install spec and no code bundled with the skill—lowest direct-file risk. The runtime instructions rely on npx to fetch and run browser-relay-cli from the npm registry, which is a normal pattern but means remote code will be executed each time via npx; users should treat the npm package and extension source as external trust surfaces to verify.

✓ Credentials

The skill requests no environment variables, credentials, or config paths. There are no extraneous secrets requested that would be disproportionate to the browser-automation purpose.

ℹ Persistence & Privilege

always:false (normal). The skill may be invoked autonomously by the agent (platform default). Combined with the ability to control a signed-in browser, autonomous invocation increases privacy risk (the agent could autonomously instruct browser actions or read page content). This is not a coherence bug in itself but is a user-relevant privacy consideration.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install browser-automation-skill
安装完成后，直接呼叫该 Skill 的名称或使用 /browser-automation-skill 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Major rewrite: Skill rebranded from generic "browser" automation to "browser-relay" focused on local, real Chrome control via Browser Relay CLI and extension. - Updated usage guidance to require the user to run browser-relay-cli and load the unpacked extension. - Clarified intended use cases: controlling a signed-in local browser, screenshot-guided actions, tab reuse, and working around unreliable DOM selectors. - Explicitly cautioned against using the skill for stealth automation, CAPTCHA bypass, or anti-bot circumvention. - Deprecated old setup and command references; added commands summary in references/commands.md. - Removed sample, setup, and legacy reference/example documentation to match new workflow.

元数据

Slug browser-automation-skill

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题