功能描述

Rust-based Chrome automation for ultra-fast, token-efficient DOM extraction, session management, screenshots, infinite scroll harvesting, and sitemap analysis.

使用说明 (SKILL.md)

Fastest Browser Use

Name: Fast Browser Use 1.0.5
Author: makforce

A Rust-based browser automation engine that provides a lightweight binary driving Chrome directly via CDP. It is optimized for token-efficient DOM extraction, robust session management, and speed.

Terminal Demo

🧪 Recipes for Agents

1. Bypass "Bot Detection" via Human Emulation

Simulate mouse jitter and random delays to scrape protected sites.

fast-browser-use navigate --url "https://protected-site.com" \
  --human-emulation \
  --wait-for-selector "#content"

2. The "Deep Freeze" Snapshot

Capture the entire DOM state and computed styles for perfect reconstruction later.

fast-browser-use snapshot --include-styles --output state.json

3. Login & Cookie Heist

Log in manually once, then steal the session for headless automation.

Step 1: Open non-headless for manual login

fast-browser-use login --url "https://github.com/login" --save-session ./auth.json

Step 2: Reuse session later

fast-browser-use navigate --url "https://github.com/dashboard" --load-session ./auth.json

4. 🚜 Infinite Scroll Harvester

Extract fresh data from infinite-scroll pages — perfect for harvesting the latest posts, news, or social feeds.

# Harvest headlines from Hacker News (scrolls 3x, waits 800ms between)
fast-browser-use harvest \
  --url "https://news.ycombinator.com" \
  --selector ".titleline a" \
  --scrolls 3 \
  --delay 800 \
  --output headlines.json

Real output (59 unique items in ~6 seconds):

[
  "Genode OS is a tool kit for building highly secure special-purpose OS",
  "Mobile carriers can get your GPS location",
  "Students using \"humanizer\" programs to beat accusations of cheating with AI",
  "Finland to end \"uncontrolled human experiment\" with ban on youth social media",
  ...
]

Works on any infinite scroll page: Reddit, Twitter, LinkedIn feeds, search results, etc.

5. 📸 Quick Screenshot

Capture any page as PNG:

fast-browser-use screenshot \
  --url "https://example.com" \
  --output page.png \
  --full-page  # Optional: capture entire scrollable page

6. 🗺️ Sitemap & Page Structure Analyzer

Discover how a site is organized by parsing sitemaps and analyzing page structure.

# Basic sitemap discovery (checks robots.txt + common sitemap URLs)
fast-browser-use sitemap --url "https://example.com"

# Full analysis with page structure (headings, nav, sections)
fast-browser-use sitemap \
  --url "https://example.com" \
  --analyze-structure \
  --max-pages 10 \
  --max-sitemaps 5 \
  --output site-structure.json

Options:

--analyze-structure: Also extract page structure (headings, nav, sections, meta)
--max-pages N: Limit structure analysis to N pages (default: 5)
--max-sitemaps N: Limit sitemap parsing to N sitemaps (default: 10, useful for large sites)

Example output:

{
  "base_url": "https://example.com",
  "robots_txt": "User-agent: *\
Sitemap: https://example.com/sitemap.xml",
  "sitemaps": ["https://example.com/sitemap.xml"],
  "pages": [
    "https://example.com/about",
    "https://example.com/products",
    "https://example.com/contact"
  ],
  "page_structures": [
    {
      "url": "https://example.com",
      "title": "Example - Home",
      "headings": [
        {"level": 1, "text": "Welcome to Example"},
        {"level": 2, "text": "Our Services"}
      ],
      "nav_links": [
        {"text": "About", "href": "/about"},
        {"text": "Products", "href": "/products"}
      ],
      "sections": [
        {"tag": "main", "id": "content", "role": "main"},
        {"tag": "footer", "id": "footer", "role": null}
      ],
      "main_content": {"tag": "main", "id": "content", "word_count": 450},
      "meta": {
        "description": "Example company homepage",
        "canonical": "https://example.com/"
      }
    }
  ]
}

Use this to understand site architecture before scraping, map navigation flows, or audit SEO structure.

⚡ Performance Comparison

Feature	Fast Browser Use (Rust)	Puppeteer (Node)	Selenium (Java)
Startup Time	\x3C 50ms	~800ms	~2500ms
Memory Footprint	15 MB	100 MB+	200 MB+
DOM Extract	Zero-Copy	JSON Serialize	Slow Bridge

Capabilities & Tools

Vision & Extraction

vision_map: Returns a screenshot overlay with numbered bounding boxes for all interactive elements.
snapshot: Capture the raw HTML snapshot (YAML/Markdown optimized for AI).
screenshot: Capture a visual image of the page.
extract: Get structured data from the DOM.
markdown: Convert the current page content to Markdown.
sitemap: Analyze site structure via robots.txt, sitemaps, and page semantic analysis.

Navigation & Lifecycle

navigate: Visit a specific URL.
go_back / go_forward: Traverse browser history.
wait: Pause execution or wait for specific conditions.
new_tab: Open a new browser tab.
switch_tab: Switch focus to a specific tab.
close_tab: Close the current or specified tab.
tab_list: List all open tabs.
close: Terminate the browser session.

Interaction

click: Click elements via CSS selectors or DOM indices.
input: Type text into fields.
press_key: Send specific keyboard events.
hover: Hover over elements.
scroll: Scroll the viewport.
select: Choose options in dropdowns.

State & Debugging

cookies: Manage session cookies (get/set).
local_storage: Manage local storage data.
debug: Access console logs and debug information.

Usage

This skill is specialized for complex web interactions that require maintaining state (like being logged in), handling dynamic JavaScript content, or managing multiple pages simultaneously. It offers higher performance and control compared to standard fetch-based tools.

安全使用建议

This package appears to implement a legitimate, fast Chrome automation tool, but several issues merit caution: - Inconsistencies: registry metadata claims no install/requirements, yet SKILL.md lists install steps (brew/cargo) and requires CHROME_PATH. Confirm which metadata is authoritative before installing. - Sensitive capabilities: the skill documents saving and reloading browser session cookies and explicitly shows how to "steal the session." That is a legitimate convenience for automation but can be abused (account takeover, unauthorized scraping). Treat any saved session files (auth.json) as highly sensitive secrets. - Bot-evasion guidance: SKILL.md includes instructions to circumvent bot-detection (injecting mouse jitter, disabling automation flags). Using those techniques against protected sites may violate terms of service or laws. Review legal/privacy policies before using. - Install source: SKILL.md recommends a third-party Homebrew tap (rknoche6/tap). Installing binaries from third-party taps requires trust; prefer building from the included source (cargo build) and auditing the code paths that handle cookies, remote endpoints, and network I/O. - Exposure surface: the MCP server can open local HTTP/SSE endpoints (default binds to 127.0.0.1:3000) — ensure it is not inadvertently exposed to untrusted networks. If you are uneasy, disable autonomous invocation for the skill or run it in an isolated environment/container and avoid supplying sensitive session files. Practical next steps before installing: 1) Verify the repository and Homebrew tap URLs point to the expected author and check release integrity. 2) Audit the code paths around session saving/loading, cookie handling, and any network listeners the MCP server opens. 3) If you must test, build from source (cargo build --release) in an isolated environment and avoid loading sessions from other accounts. Do not run the MCP server on network interfaces reachable by untrusted hosts. 4) Consider disabling autonomous invocation (disable-model-invocation) while you evaluate, and limit file system access to only safe directories. Given the explicit instructions that facilitate session reuse and bot-evasion, treat this skill as potentially high-risk until you review and control its installation and runtime environment.

功能分析

Type: OpenClaw Skill Name: fast-browser-use-1-0-5 Version: 1.0.0 The OpenClaw AgentSkills bundle provides a Rust-based browser automation tool. It is classified as suspicious due to several high-risk capabilities. Primarily, the `src/bin/cli.rs` and `src/bin/mcp_server.rs` binaries explicitly disable the Chrome sandbox by default, which significantly reduces the browser's security posture and increases vulnerability to exploits. Additionally, the `evaluate` tool in `src/tools/evaluate.rs` allows for arbitrary JavaScript code execution within the browser context, granting powerful control that could be misused for data exfiltration or client-side attacks. While these features are documented and appear intended for legitimate automation, their inherent risks warrant a 'suspicious' classification rather than 'benign', as there is no clear evidence of intentional malicious behavior such as unauthorized data exfiltration to external endpoints or persistence mechanisms.

能力评估

ℹ Purpose & Capability

The code (Rust library, CLI, MCP server) implements the advertised browser automation, DOM extraction, sitemap analysis and session management. However the published registry metadata is inconsistent with SKILL.md: the top-level metadata listed no install spec and no required env vars, while SKILL.md declares install steps (brew/cargo) and requires CHROME_PATH. The SKILL.md wording like "Login & Cookie Heist" is a red flag in tone (it documents cookie/session export/import explicitly). Functionality itself (save/load session, CDP control) is coherent with the stated purpose, but the metadata/documentation mismatches and wording are suspicious.

⚠ Instruction Scope

SKILL.md explicitly advises techniques to bypass bot detection (mouse jitter and disabling automation flags) and includes a recipe to save and later reload session cookies (labelled as a "heist"). Those instructions direct the agent to persist and reuse authentication cookies and to run commands that defeat anti-bot measures — actions that enable abuse (account takeover, scraping behind login). The skill also includes an MCP server that can accept commands over stdio, SSE or HTTP (127.0.0.1) to control the browser; combined with autonomous invocation this expands the blast radius. The instructions also direct installs from a third-party Homebrew tap and cargo, and to read/write local session files — all outside a minimal scraping scope.

ℹ Install Mechanism

SKILL.md recommends installing from a third-party Homebrew tap (rknoche6/tap/fast-browser-use) or via cargo. There is no download-from-arbitrary-URL pattern in the code. Using a third-party brew tap is a moderate risk (trust required) but consistent with publishing a Rust binary. Also: registry metadata incorrectly indicated "no install spec" while SKILL.md contains an install section — an inconsistency to resolve before installing.

ℹ Credentials

The skill does not request cloud API keys or unrelated credentials. SKILL.md indicates CHROME_PATH (local browser path) is required, which is proportionate. However the skill reads/writes session files (cookies/auth.json) and can be pointed at CDP/WebSocket endpoints; those capabilities allow capturing and replaying authentication material — sensitive behavior that is functionally related but privacy/security-sensitive. Also the registry metadata omits CHROME_PATH while SKILL.md requires it (incoherent).

✓ Persistence & Privilege

always:false and default autonomous invocation (disable-model-invocation:false) are present. Autonomous invocation is expected for MCP plugins. The skill can run a local MCP server (stdio, SSE, HTTP on 127.0.0.1) to accept commands; this is normal for an automation tool but increases attack surface if the server is exposed or misconfigured. There is no evidence the skill forcibly persists itself into the agent beyond normal install behaviour.

版本历史

v1.0.0

- Initial release of fast-browser-use: a Rust-powered browser automation tool. - Offers 10x faster DOM extraction than Puppeteer, with efficient Chrome control via CDP. - Provides recipes for scraping, session management, infinite scroll harvesting, screenshots, and site structure analysis. - Includes both navigation and interaction commands (click, input, scroll, etc.) and advanced extraction tools. - Lightweight (15 MB memory footprint) and quick startup (< 50ms), optimized for high-performance browser automation. - Supports macOS and Linux, installable via Homebrew or Cargo.

元数据

Slug fast-browser-use-1-0-5

版本 1.0.0

许可证 —

累计安装 5

当前安装数 5

历史版本数 1

常见问题

Fast Browser Use 1.0.5 是什么？

Rust-based Chrome automation for ultra-fast, token-efficient DOM extraction, session management, screenshots, infinite scroll harvesting, and sitemap analysis. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 589 次。

如何安装 Fast Browser Use 1.0.5？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install fast-browser-use-1-0-5」即可一键安装，无需额外配置。

Fast Browser Use 1.0.5 是免费的吗？

是的，Fast Browser Use 1.0.5 完全免费（开源免费），可自由下载、安装和使用。

Fast Browser Use 1.0.5 支持哪些平台？

Fast Browser Use 1.0.5 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Fast Browser Use 1.0.5？

由 Makforce（@makforce）开发并维护，当前版本 v1.0.0。

Fast Browser Use 1.0.5