功能描述

Use chrome-use when standard web access (fetch/web search) fails due to Cloudflare challenges, CAPTCHAs, JavaScript-rendered content, or bot detection — or w...

使用说明 (SKILL.md)

Chrome Use OpenClaw Skill

Name: Chrome Use
Author: cnlangzi

Control your local Chrome browser via chrome.debugger API using a Chrome extension. Provides Playwright-like functionality with full browser control using your existing Chrome profile, with improved stealth against bot detection.

How to Use (Read First)

⚠️ Non-Headless Mode Required

Do NOT use headless Chrome. Cloudflare and anti-bot systems detect and block headless browsers. Always launch Chrome with the built-in launchChrome() method. If running in a headless environment (no display), Chrome must still be launched in non-headless mode — the extension and debugger API require it.

⚠️ Initialization Sequence

The extension requires 15 seconds to initialize after Chrome starts. Calling connect() too early will fail.

// Import from ./index.js (relative path, NOT 'chrome-use')
import { connect, navigate, evaluate, click, fill, screenshot, disconnect } from './index.js';
import { launchChrome } from './index.js';

// Step 1: Launch Chrome with extension
await launchChrome();

// Step 2: Wait 15 seconds for extension service worker to initialize
await new Promise(r => setTimeout(r, 15000));

// Step 3: Connect to Chrome
await connect();

// Step 4: Use
await navigate('https://example.com');

// ... do things ...

// Disconnect when done
disconnect();

When implementing: always use the built-in launchChrome() function — never spawn Chrome yourself or use other launch methods.

Rules

Always import from ./index.js (relative path), NOT from 'chrome-use'
Do NOT run google-chrome or chromium commands directly
Do NOT use CDP protocol or chrome.debugger directly
Always wait 15 seconds after launchChrome() before calling connect()
Chrome can be running already — launchChrome() will open a new window if Chrome is already running
If port 9224 is in use: run fuser -k 9224/tcp first

Features

Stealth First: Uses chrome.debugger API via extension to evade anti-bot detection (Cloudflare, reCAPTCHA, fingerprinting)
Auto WebSocket Server: Automatically starts and manages WebSocket server for extension communication
Real Browser Rendering: Access JavaScript-rendered content and SPAs that standard search cannot
Direct Search Engine Access: Query Google, Bing, etc. as a real user - returns unfiltered, real-time results
Full Browser Control - Navigate, click, fill, hover, scroll, screenshot, execute JavaScript
Tab Management - List, create, close, and switch tabs
Cross-Platform - Supports macOS, Windows, and Linux

Installation (One-time)

Chrome extension must be installed manually (one-time):

Open Chrome → chrome://extensions/
Enable "Developer mode" (toggle in top right)
Click "Load unpacked"
Select the extension/ folder in the skill directory

After this, the extension loads automatically every time Chrome starts — no need to reload it each session.

Install npm dependencies:

cd ~/workspace/skills/chrome-use && npm install

Functions

Connection Management

connect()

Connect to Chrome via extension WebSocket server. Starts the WebSocket server and waits for the extension to connect. Does NOT launch Chrome - you must call launchChrome() first.

await launchChrome();
await new Promise(r => setTimeout(r, 15000));
await connect();
// Returns: { status: "connected", mode: "debugger", port: 9224, extension_installed: true, tab_id: 12345 }

disconnect()

Disconnect from Chrome browser. Does NOT close Chrome - leaves it running.

isConnected()

Check if currently connected to Chrome extension. Returns: boolean

launchChrome()

Launch Chrome with the extension loaded. After calling this, you MUST wait 15 seconds before calling connect().

{ status: "launched", pid: 12345 }

Page Operations

navigate(url)

Navigate to a URL.

evaluate(script)

Execute JavaScript synchronously.

const title = await evaluate("document.title");

getHtml()

Get the page HTML. Returns: string

screenshot(fullPage?)

Take a screenshot. fullPage (boolean, optional): Capture full page or just viewport (default: false). Returns: string (Base64 PNG)

Element Interaction

click(selector)

Click an element using CSS selector.

fill(selector, value)

Input text into an element.

Tab Management

listTabs()

List all open tabs.

[
  { id: 708554825, title: "Google", url: "https://google.com", active: true },
  { id: 708554826, title: "Example", url: "https://example.com", active: false }
]

switchTab(tabId)

Switch to a different tab.

closeTab(tabId)

Close a tab.

newTab(url?)

Create a new tab.

Common Mistakes

Don't Do This	Why
`import ... from 'chrome-use'`	Not a npm package. Use `from './index.js'`
`google-chrome --load-extension=...`	Use `launchChrome()` instead
`npm install chrome-use`	Not published to npm
Calling `connect()` immediately after `launchChrome()`	Always wait 15 seconds first
Port 9224 in use	Run `fuser -k 9224/tcp` first

Troubleshooting

connect() fails

Did you wait 15 seconds after launchChrome()?
Is port 9224 free? (fuser -k 9224/tcp)
Is the extension installed in Chrome?

Port 9224 already in use

fuser -k 9224/tcp

Notes

Node.js starts a WebSocket server (port 9224) via connect(); the Chrome extension connects to Node.js as a WebSocket client, then uses chrome.debugger API to control Chrome
disconnect() does NOT close Chrome by default
All selectors use CSS selector syntax

安全使用建议

This skill appears to do what it claims (control a real Chrome via an extension) but contains design choices that raise privacy and exposure risks. Before installing or using it, consider the following: - Do not run this against your regular Chrome profile. The bridge launches Chrome with --user-data-dir pointed at your normal profile, which exposes cookies, sessions, extensions, cached credentials and other private data. Use a disposable / new profile or a VM. - The extension has powerful permissions (debugger, tabs, host permissions for all sites). Installing it permanently grants it broad access to your browsing activity; review the extension code yourself and be prepared to remove it after use. - The WebSocket server (port 9224) is unauthenticated and the Node code uses new WebSocketServer({ port }) which typically binds to all network interfaces. If your machine is on a network, other hosts could reach that port. Either ensure it binds only to localhost or block the port in your firewall before launching. - The repo docs are inconsistent (README mentions Python while the packaged server is Node) — this suggests stale/copied documentation. Audit the code paths you plan to use and validate behavior locally. - If you need to use this skill, run it in an isolated environment (separate OS user, container, or VM), avoid loading your main Chrome profile, inspect the extension files, and consider adding an authenticated local proxy (or modify the server to bind to localhost only) before granting it access. What would raise confidence to 'benign': explicit localhost-only binding for the WebSocket server, removing use of the real profile (use a temporary profile by default), narrower host permissions, clearer docs matching the packaged language, and an authentication mechanism for the local control channel.

功能分析

Type: OpenClaw Skill Name: chrome-use Version: 0.1.5 The skill provides high-privilege control over the user's local Chrome browser by launching it with the user's actual profile directory (`--user-data-dir` in `src/chrome-bridge.js`), exposing all active sessions, cookies, and personal data to the AI agent. It requires manual installation of an unpacked extension with the `debugger` permission (`extension/manifest.json`), which bypasses standard browser security to allow arbitrary script execution and inspection of any tab. While these capabilities are plausibly intended for stealthy automation and bypassing anti-bot measures as stated in `SKILL.md`, the lack of profile isolation and the requirement to downgrade browser security represent a significant risk of accidental or prompted data exfiltration.

能力评估

ℹ Purpose & Capability

The name/description (control Chrome via the debugger API to bypass anti-bot) aligns with the code: an extension (debugger permission) + a local server + Node client that issues navigation/evaluate/click/fill/screenshot commands. However the implementation intentionally accesses the user's Chrome profile directory and requests wide host_permissions which are stronger than what most automation tasks strictly require (they may be justified for 'stealth' but are disproportionate to simple page retrieval).

⚠ Instruction Scope

Runtime instructions and code direct launching Chrome using the user's profile directory and loading a persistent extension with broad permissions; they instruct waiting, manual extension installation, using launchChrome() only, and disallow other debug methods. The skill (and extension) can read/execute arbitrary JS in pages, access all http(s) sites, take screenshots and obtain page HTML — effectively full access to browsing data and session state. SKILL.md and extension README contain inconsistencies (README refers to a Python server while the packaged server is Node), which suggests stale or copied docs and reduces trust in the instructions.

ℹ Install Mechanism

No remote downloads or unusual installers are used: code is bundled with the skill, and npm install is the only dependency-step. That is lower risk vs fetching arbitrary binaries. Still, there is no formal install spec in the registry metadata and the extension must be manually loaded into Chrome (persistent browser change).

⚠ Credentials

The skill requests no cloud credentials, which is appropriate, but it programmatically uses the user's Chrome profile (HOME/LOCALAPPDATA paths) and launches Chrome with --user-data-dir pointing at that profile. This grants the skill and extension access to cookies, logged-in sessions, and potentially other sensitive browser-stored data. The extension's manifest requests debugger, tabs, activeTab, nativeMessaging and host permissions for all http/https sites — broad permissions that are plausible for a stealth automation tool but pose high privacy risk and are disproportionate unless the user explicitly intends to expose their profile/state.

⚠ Persistence & Privilege

The extension is installed manually and then persists in Chrome with broad permissions (host_permissions and debugger). That gives long-term, browser-level privileges outside the agent; combined with the skill's server it increases blast radius. The Node WebSocket server binds to a port (9224) and accepts extension connections; the code uses new WebSocketServer({ port }) without a host option, which typically binds to all interfaces rather than localhost, meaning the service may be reachable from the network if the machine is not firewalled. The skill itself does not modify other skills, and always:false mitigates forced inclusion, but persistent browser extension + network-exposed server is a meaningful privilege.

版本历史

v0.1.5

chrome-use 0.1.5 changelog: - Documentation significantly streamlined in SKILL.md for easier usage and setup, with new focus on required non-headless operation and launch sequence. - Simplified usage instructions and troubleshooting sections. - Updated extension and manifest files for compatibility and/or minor fixes. - Removed outdated or redundant documentation (DESIGN.md).

v0.1.4

No file changes detected for version 0.1.4. - No updates or modifications were made in this version. - Functionality, documentation, and behavior remain unchanged.

v0.1.3

- Updated extension and package metadata for better compatibility. - Bumped internal extension version for maintenance. - No breaking changes or new features in this version.

v0.1.2

**Major update: chrome-use is now a Node.js-based browser automation skill using a Chrome extension and WebSocket server for stealth, JavaScript-rendered content, and anti-bot evasion.** - Switched backend to Node.js (requires Node.js ≥18); removed Python dependencies. - Introduced a bundled Chrome extension using the chrome.debugger API for stealthy control and anti-bot bypass. - Added automatic local WebSocket server for communication between the skill and extension. - New core workflow: launch Chrome via `launchChrome()`, wait 15 seconds for the extension to initialize, then connect using `connect()`. - Updated documentation and usage pattern; direct Python/CDP usage removed in favor of extension/WebSocket approach. - Added new scripts, extension files, and supporting code; removed obsolete Python/old scripts.

v0.1.1

- Updated version to 0.1.1 and added metadata fields for license, author, and repository. - Renamed connection functions: use connect/disconnect/is_chrome_running instead of connect_chrome/disconnect/is_running for consistency. - Added and clarified functionality for scroll (relative) and scroll_to (absolute) operations. - Improved and expanded skill description, compatibility, and usage documentation in SKILL.md. - Clarified function parameters, return values, and example usages.

v0.1.0

Initial release of chrome-use: full local Chrome control via DevTools Protocol. - Connects to your own Chrome profile, auto-starts Chrome with debugging if needed. - Provides functions for tab management, navigation, DOM interaction (click, fill, hover, scroll), and screenshots. - Supports direct JavaScript execution (sync/async) in open tabs. - Lets you list, switch, create, and close tabs across profiles. - Optionally manages Chrome process lifecycle; does not forcibly close user’s Chrome by default.

元数据

Slug chrome-use

版本 0.1.5

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 6

常见问题

Chrome Use 是什么？

Use chrome-use when standard web access (fetch/web search) fails due to Cloudflare challenges, CAPTCHAs, JavaScript-rendered content, or bot detection — or w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 360 次。

如何安装 Chrome Use？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install chrome-use」即可一键安装，无需额外配置。

Chrome Use 是免费的吗？

是的，Chrome Use 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Chrome Use 支持哪些平台？

Chrome Use 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Chrome Use？

由 cnlangzi（@cnlangzi）开发并维护，当前版本 v0.1.5。

Chrome Use