功能描述

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with w...

使用说明 (SKILL.md)

Browser Automation with browser-use CLI

Name: Browser Use.Conflict
Author: tang2606

The browser-use command provides fast, persistent browser automation. A background daemon keeps the browser open across commands, giving ~50ms latency per call.

Prerequisites

browser-use doctor    # Verify installation

For setup details, see https://github.com/browser-use/browser-use/blob/main/browser_use/skill_cli/README.md

Core Workflow

Navigate: browser-use open \x3Curl> — starts browser if needed
Inspect: browser-use state — returns clickable elements with indices
Interact: use indices from state (browser-use click 5, browser-use input 3 "text")
Verify: browser-use state or browser-use screenshot to confirm
Repeat: browser stays open between commands
Cleanup: browser-use close when done

Browser Modes

browser-use open \x3Curl>                         # Default: headless Chromium
browser-use --headed open \x3Curl>                # Visible window
browser-use --profile "Default" open \x3Curl>      # Real Chrome with Default profile (existing logins/cookies)
browser-use --profile "Profile 1" open \x3Curl>   # Real Chrome with named profile
browser-use --connect open \x3Curl>               # Auto-discover running Chrome via CDP
browser-use --cdp-url ws://localhost:9222/... open \x3Curl>  # Connect via CDP URL

--connect, --cdp-url, and --profile are mutually exclusive.

Commands

# Navigation
browser-use open \x3Curl>                    # Navigate to URL
browser-use back                          # Go back in history
browser-use scroll down                   # Scroll down (--amount N for pixels)
browser-use scroll up                     # Scroll up
browser-use switch \x3Ctab>                  # Switch to tab by index
browser-use close-tab [tab]              # Close tab (current if no index)

# Page State — always run state first to get element indices
browser-use state                         # URL, title, clickable elements with indices
browser-use screenshot [path.png]         # Screenshot (base64 if no path, --full for full page)

# Interactions — use indices from state
browser-use click \x3Cindex>                 # Click element by index
browser-use click \x3Cx> \x3Cy>                 # Click at pixel coordinates
browser-use type "text"                   # Type into focused element
browser-use input \x3Cindex> "text"          # Click element, then type
browser-use keys "Enter"                  # Send keyboard keys (also "Control+a", etc.)
browser-use select \x3Cindex> "option"       # Select dropdown option
browser-use upload \x3Cindex> \x3Cpath>         # Upload file to file input
browser-use hover \x3Cindex>                 # Hover over element
browser-use dblclick \x3Cindex>              # Double-click element
browser-use rightclick \x3Cindex>            # Right-click element

# Data Extraction
browser-use eval "js code"                # Execute JavaScript, return result
browser-use get title                     # Page title
browser-use get html [--selector "h1"]    # Page HTML (or scoped to selector)
browser-use get text \x3Cindex>              # Element text content
browser-use get value \x3Cindex>             # Input/textarea value
browser-use get attributes \x3Cindex>        # Element attributes
browser-use get bbox \x3Cindex>              # Bounding box (x, y, width, height)

# Wait
browser-use wait selector "css"           # Wait for element (--state visible|hidden|attached|detached, --timeout ms)
browser-use wait text "text"              # Wait for text to appear

# Cookies
browser-use cookies get [--url \x3Curl>]     # Get cookies (optionally filtered)
browser-use cookies set \x3Cname> \x3Cvalue>    # Set cookie (--domain, --secure, --http-only, --same-site, --expires)
browser-use cookies clear [--url \x3Curl>]   # Clear cookies
browser-use cookies export \x3Cfile>         # Export to JSON
browser-use cookies import \x3Cfile>         # Import from JSON

# Python — persistent session with browser access
browser-use python "code"                 # Execute Python (variables persist across calls)
browser-use python --file script.py       # Run file
browser-use python --vars                 # Show defined variables
browser-use python --reset                # Clear namespace

# Session
browser-use close                         # Close browser and stop daemon
browser-use sessions                      # List active sessions
browser-use close --all                   # Close all sessions

The Python browser object provides: browser.url, browser.title, browser.html, browser.goto(url), browser.back(), browser.click(index), browser.type(text), browser.input(index, text), browser.keys(keys), browser.upload(index, path), browser.screenshot(path), browser.scroll(direction, amount), browser.wait(seconds).

Cloud API

browser-use cloud connect                 # Provision cloud browser and connect
browser-use cloud connect --timeout 120 --proxy-country US  # With options
browser-use cloud login \x3Capi-key>         # Save API key (or set BROWSER_USE_API_KEY)
browser-use cloud logout                  # Remove API key
browser-use cloud v2 GET /browsers        # REST passthrough (v2 or v3)
browser-use cloud v2 POST /tasks '{"task":"...","url":"..."}'
browser-use cloud v2 poll \x3Ctask-id>       # Poll task until done
browser-use cloud v2 --help               # Show API endpoints

cloud connect provisions a cloud browser, connects via CDP, and prints a live URL. browser-use close disconnects AND stops the cloud browser.

Tunnels

browser-use tunnel \x3Cport>                 # Start Cloudflare tunnel (idempotent)
browser-use tunnel list                   # Show active tunnels
browser-use tunnel stop \x3Cport>            # Stop tunnel
browser-use tunnel stop --all             # Stop all tunnels

Profile Management

browser-use profile list                  # List detected browsers and profiles
browser-use profile sync --all            # Sync profiles to cloud
browser-use profile update                # Download/update profile-use binary

Command Chaining

Commands can be chained with &&. The browser persists via the daemon, so chaining is safe and efficient.

browser-use open https://example.com && browser-use state
browser-use input 5 "[email protected]" && browser-use input 6 "password" && browser-use click 7

Chain when you don't need intermediate output. Run separately when you need to parse state to discover indices first.

Common Workflows

Authenticated Browsing

When a task requires an authenticated site (Gmail, GitHub, internal tools), use Chrome profiles:

browser-use profile list                           # Check available profiles
# Ask the user which profile to use, then:
browser-use --profile "Default" open https://github.com  # Already logged in

Connecting to Existing Chrome

browser-use --connect open https://example.com     # Auto-discovers Chrome's CDP endpoint

Requires Chrome with remote debugging enabled. Falls back to probing ports 9222/9229.

Exposing Local Dev Servers

browser-use tunnel 3000                            # → https://abc.trycloudflare.com
browser-use open https://abc.trycloudflare.com     # Browse the tunnel

Global Options

Option	Description
`--headed`	Show browser window
`--profile [NAME]`	Use real Chrome (bare `--profile` uses "Default")
`--connect`	Auto-discover running Chrome via CDP
`--cdp-url \x3Curl>`	Connect via CDP URL (`http://` or `ws://`)
`--session NAME`	Target a named session (default: "default")
`--json`	Output as JSON
`--mcp`	Run as MCP server via stdin/stdout

Tips

Always run state first to see available elements and their indices
Use --headed for debugging to see what the browser is doing
Sessions persist — browser stays open between commands
CLI aliases: bu, browser, and browseruse all work

Troubleshooting

Browser won't start? browser-use close then browser-use --headed open \x3Curl>
Element not found? browser-use scroll down then browser-use state
Run diagnostics: browser-use doctor

Cleanup

browser-use close                         # Close browser session
browser-use tunnel stop --all             # Stop tunnels (if any)

安全使用建议

This skill appears to be a legitimate browser-automation CLI, but proceed cautiously. Notable red flags: the embedded files (_meta.json) don't match the registry metadata (owner/slug/version), and the instructions reference BROWSER_USE_API_KEY and commands that can access real browser profiles, cookies, local files, and remote tunnels — yet no env vars or config paths are declared. Before installing or allowing this skill to run: 1) verify the source and author (ask for the canonical homepage/repo and confirm the slug/owner/version), 2) ensure the 'browser-use' binary on your system is the genuine tool you expect (check its origin and checksum), 3) avoid using --profile "Default" or any real browser profile during testing (use a disposable profile), 4) do not run cloud connect/tunnel commands or provide API keys until you understand where credentials are stored, and 5) test in an isolated environment (VM/container) if you must exercise commands that export cookies, upload files, or start tunnels. If the maintainer can explain the metadata discrepancy and explicitly declare where API keys/cookies are stored and transmitted, that would materially increase confidence.

功能分析

Type: OpenClaw Skill Name: browser-use-conflict Version: 1.0.0 The skill provides a comprehensive interface to the `browser-use` CLI, granting the agent high-risk capabilities such as arbitrary Python/JavaScript execution (`browser-use python`, `browser-use eval`), session cookie exfiltration (`browser-use cookies export`), and access to local Chrome profiles containing sensitive user data (`--profile`). While these are documented features of the legitimate `browser-use` framework, exposing them to an AI agent without restriction or sanitization poses a significant risk of unauthorized access to authenticated sessions and data exfiltration. No explicit malicious instructions were found in SKILL.md, but the broad permissions are highly suspicious.

能力评估

⚠ Purpose & Capability

SKILL.md describes a browser automation CLI (navigation, clicks, screenshots, cookie export/import, connecting to Chrome via CDP, using real Chrome profiles, cloud provisioning and tunnels). Those capabilities are coherent with the stated purpose, but the package metadata in _meta.json (ownerId, slug, version) does not match the registry metadata provided for this skill (different ownerId/slug/version). That metadata inconsistency is an integrity risk (packaging / provenance mismatch) and reduces trust.

⚠ Instruction Scope

Instructions include actions that access sensitive local state: using a real Chrome profile (existing logins/cookies), exporting cookies to JSON, connecting to a local CDP endpoint (ws://localhost:9222), uploading local files, and provisioning cloud browsers / tunnels. These are within a browser-automation tool's scope, but they materially broaden what the skill can access and transmit. Additionally, SKILL.md refers to BROWSER_USE_API_KEY and a 'cloud login' that 'saves API key'—the skill text instructs the agent to read/store credentials, but the skill declared no required env vars or config paths.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no bundled code — the runtime risk from install mechanisms is low. However, it assumes a 'browser-use' CLI binary already exists on the host, so the trust shifts to whatever binary is present in the environment.

⚠ Credentials

SKILL.md references BROWSER_USE_API_KEY (and a cloud login command that 'saves API key') but requires.env lists nothing. The skill can access local browser profiles, cookies, and local files and can export and send data to cloud browsers or tunnels — these are high-sensitivity capabilities that should have been explicitly declared and justified. The missing declaration of the API key and the ability to read/export cookies/files is disproportionate to the metadata provided and is an information-exposure risk.

✓ Persistence & Privilege

always:false and normal autonomous invocation are used (no 'always' privilege). The SKILL.md does reference saving an API key via 'cloud login' which implies the tool will persist credentials somewhere, but the skill itself does not request permanent platform-level presence or modifications to other skills.

版本历史

v1.0.0

- Initial release of the browser-use skill for automating browser interactions. - Supports web navigation, form filling, screenshots, and data extraction through a persistent browser daemon. - Provides a rich CLI interface for navigation, interactions, data extraction, session management, cloud browser provisioning, and tunneling. - Enables authenticated browsing via Chrome profiles and connections to existing Chrome sessions. - Includes command chaining for efficient multi-step automation workflows.

元数据

Slug browser-use-conflict

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题

Browser Use.Conflict 是什么？

Automates browser interactions for web testing, form filling, screenshots, and data extraction. Use when the user needs to navigate websites, interact with w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 86 次。

如何安装 Browser Use.Conflict？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install browser-use-conflict」即可一键安装，无需额外配置。

Browser Use.Conflict 是免费的吗？

是的，Browser Use.Conflict 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Browser Use.Conflict 支持哪些平台？

Browser Use.Conflict 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Browser Use.Conflict？

由 Wade（@tang2606）开发并维护，当前版本 v1.0.0。

Browser Use.Conflict