{"skill":{"slug":"browser-auth","displayName":"Browser Auth","summary":"Start a secure remote browser tunnel for manual user authentication (solving Captchas, 2FA, logins) and capture session data. Built for AI Commander.","description":"---\nname: browser-auth\ndescription: Start a secure remote browser tunnel for manual user authentication (solving Captchas, 2FA, logins) and capture session data. Built for AI Commander.\nmetadata: {\n  \"author\": \"Skippy & Lucas (AI Commander)\",\n  \"homepage\": \"https://aicommander.dev\",\n  \"env\": {\n    \"AUTH_HOST\": { \"description\": \"IP to bind the server to (default: 127.0.0.1). Use 0.0.0.0 only with a secure tunnel.\", \"default\": \"127.0.0.1\" },\n    \"AUTH_TOKEN\": { \"description\": \"Secret token for accessing the tunnel (default: random hex string).\" },\n    \"BROWSER_PROXY\": { \"description\": \"SOCKS5/HTTP proxy for the browser (e.g. socks5://127.0.0.1:40000).\" }\n  },\n  \"openclaw\": {\n    \"requires\": { \"bins\": [\"node\", \"chromium-browser\"] },\n    \"install\": [\n      {\n        \"id\": \"npm-deps\",\n        \"kind\": \"exec\",\n        \"command\": \"npm install express socket.io playwright-core\",\n        \"label\": \"Install Node.js dependencies\"\n      }\n    ]\n  }\n}\n---\n\n# Browser Auth\n\nThis skill lets the agent ask the user to log in to a website manually and then capture the session cookies/localStorage for further automated work.\n\n## 🚨 Security & Risk Mitigation\n\nWe take security seriously. Below is how we address common concerns related to remote browser control:\n\n### 1. Remote Code Execution (RCE) Protection\n*   **Always Sandboxed**: Chromium runs with the system sandbox **ENABLED**. There is no option to disable it in the code. 
This prevents a malicious website from escaping the browser and executing code on your host.\n*   **Isolation Recommendation**: We recommend running this skill within an isolated container (Docker) or a dedicated VM for an extra layer of protection.\n\n### 2. Token Leakage (Referrer Protection)\n*   **Referrer Policy**: The server enforces `Referrer-Policy: no-referrer`. This ensures that even if you navigate to an untrusted site, your secret `AUTH_TOKEN` is NEVER sent in the HTTP Referer header.\n*   **URL Cleansing**: The interface automatically clears the `token` parameter from your browser's address bar immediately after the page loads.\n\n### 3. Data Sensitivity\n*   **Session Artifacts**: The `session.json` file contains active login cookies. Treat it with the same level of security as a password.\n*   **Mandatory Cleanup**: Always delete the session file immediately after the agent finishes its task.\n*   **No Persistence**: This skill does not store credentials long-term or exfiltrate them to external servers.\n\n### 4. Network Exposure\n*   **Default Local Bind**: By default, the server binds to `127.0.0.1`. \n*   **Secure Access**: If you need remote access, do not bind to `0.0.0.0` directly. Instead, use a secure tunnel like **Tailscale**, **Cloudflare Tunnel (cloudflared)**, or an **SSH tunnel**.\n\n## When to Use\n\n- When a website requires manual interaction to solve Captcha or 2FA.\n- When bot detection prevents automated login.\n- When you want to authorize an agent without sharing your password.\n\n## Workflow\n\n1.  **Request Auth**: Start the tunnel using `scripts/auth_server.js`.\n2.  **Provide Link**: Share the link (including token) with the intended user over a secure channel.\n3.  **Wait for Session**: The user logs in and clicks **DONE** in the web UI.\n4.  **Verify**: Use `scripts/verify_session.js` to confirm the session is valid.\n5.  
**Cleanup**: Delete the session file once the task is complete.\n\n## Tools\n\n### Start Auth Server\n```bash\nAUTH_HOST=127.0.0.1 AUTH_TOKEN=mysecret node scripts/auth_server.js <port> <session_file>\n```\n\n### Verify Session\n```bash\nnode scripts/verify_session.js <session_file> <target_url> <expected_text>\n```\n\n## Runtime Requirements\nRequires: `express`, `socket.io`, `playwright-core`, and a system `chromium-browser`.\n","tags":{"latest":"1.6.0"},"stats":{"comments":0,"downloads":1754,"installsAllTime":3,"installsCurrent":3,"stars":0,"versions":12},"createdAt":1771322448876,"updatedAt":1779077030487},"latestVersion":{"version":"1.6.0","createdAt":1771405754016,"changelog":"Default host changed to 0.0.0.0 so the printed URL is accessible from outside (not localhost-only)","license":null},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"lksrz","userId":"s17b6crtnk6vmr4xzjqkdctb6h884ay8","displayName":"Coder AI","image":"https://avatars.githubusercontent.com/u/72931508?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1779972583511}}