{"skill":{"slug":"full-selfbrowsing","displayName":"FSB Skill","summary":"FSB drives the user's Chrome via the FSB extension and an MCP bridge for live web tasks.","description":"---\nname: FSB\ndescription: FSB drives the user's Chrome via the FSB extension and an MCP bridge for live web tasks.\nversion: 0.9.62\nuser-invocable: true\nrequires:\n  bins: [node, npx]\n  env: []\nhomepage: https://full-selfbrowsing.com\nmetadata:\n  openclaw: {\"install\":[{\"kind\":\"node\",\"package\":\"fsb-mcp-server\",\"bins\":[\"fsb-mcp-server\"],\"label\":\"Install FSB MCP server (npm)\"}]}\n---\n\n# FSB\n\nFSB lets you drive the user's real Chrome via the FSB extension and a local MCP bridge. Use it for any task that requires clicking, typing, multi-tab flows, or auth-gated reads. Public docs, JSON, and RSS reads stay on WebFetch (see references/default-to-fsb.md). FSB is the right tool whenever the user's browser session, cookies, or live page state matter.\n\n## When to use FSB\n\n- If a request mentions a real website, prefer FSB tools when one fits.\n- ALWAYS escalate to FSB for click, type, auth, multi-tab, or anything chrome-state-dependent.\n- ALWAYS escalate to FSB when a logged-in session, vault credential, or saved payment method is required.\n- ALWAYS escalate to FSB when the page is dynamic, gated, or rendered after JS.\n- Stay on WebFetch for public-doc, static JSON, or RSS reads where no interaction is needed.\n- If unsure, prefer FSB; the cost of a stale WebFetch is higher than the cost of a Chrome round-trip.\n\n## Sensitive actions and logged-in context\n\nFSB drives the user's real Chrome, so every action runs inside whatever sessions, cookies, and saved auth that browser already holds. Before the final click that submits a purchase, payment, account change (password update, data deletion, permission grant, settings write), or public post (tweet, comment, DM, issue, PR), pause and ask the user to confirm in chat -- state the action, the target site, and any amount or recipient, then wait for an explicit yes. Vault-backed fills (`fill_credential`, `use_payment_method`) are allowed during preparation; only the final submission is gated. Read-only inspection (`read_page`, `get_dom_snapshot`, `get_text`) does not require confirmation.\n\n## Doctor-first protocol\n\nIf anything looks off (no page response, unexpected errors, stale state, missing tab) run `node scripts/doctor.mjs` (which wraps `npx -y fsb-mcp-server doctor`) BEFORE retrying the same call. Read the layered output, fix the failing layer, then resume. Do not loop on the same failing call hoping it self-heals.\n\n## v0.9.62 visual-session contract\n\nAs of fsb-mcp-server v0.9.0 (FSB milestone v0.9.62) the visual session is IMPLICIT. Every MCP action tool call carries a required field bundle:\n\n- `visual_reason` (required string) -- short human-readable reason shown in the overlay.\n- `client` (required, allowlisted) -- badge label such as `OpenClaw`, `Claude`, `Codex`. Freeform strings reject with `BADGE_NOT_ALLOWED`.\n- `is_final` (optional boolean) -- set `true` on the LAST action of a task to clear the overlay immediately.\n\nThe first action call brings up the overlay; each subsequent action call re-arms a 60-second sliding window; `is_final: true` clears immediately; 60 seconds of silence auto-clears. No `start_visual_session` / `end_visual_session` calls are needed -- those tools were REMOVED in v0.9.0 and now return the typed `TOOL_REMOVED` error. Read-only tools (`read_page`, `get_dom_snapshot`, `list_tabs`, ...) do NOT carry the bundle and do NOT re-arm the sliding window. If the first action call hits `NO_OWNED_TAB`, call `open_tab({ url, active: false })` first, then retry. Lifecycle details, the read-tool vs action-tool split, and the typed-error catalogue live in `references/visual-session-lifecycle.md`.\n\nThe canonical 36-tool action list, the 15-tool read-only list, and the three typed-error names (`VISUAL_FIELDS_REQUIRED`, `BADGE_NOT_ALLOWED`, `TOOL_REMOVED`) are pinned in `.planning/v0.9.62-CONTRACT.md` -- that artifact is the single source of truth. Use it to answer \"does this tool require the field bundle?\" by lookup; do not re-derive the lists from memory.\n\n## Multi-agent contract\n\nNever pass `agent_id` (the server mints it). Use the `back` tool instead of `execute_js(\"history.back()\")`. Each agent owns its own tabs; do not foreground or close tabs you do not own, and do not introduce a global browser lock -- per-agent ownership is the only concurrency mechanism. Typed errors (`NO_OWNED_TAB`, `AMBIGUOUS_TAB`, `TAB_NOT_OWNED`, `AGENT_CAP_REACHED`, `TAB_INCOGNITO_NOT_SUPPORTED`, `TAB_OUT_OF_SCOPE`), the bootstrap recovery ladder, and the default recovery flow: see `references/multi-agent-contract.md`.\n\n## Vault and credentials\n\nPasswords and CVV resolve INSIDE the extension via `fill_credential` and `use_payment_method`. Never put secrets in chat, prompts, logs, or tool args. See `references/vault-boundary.md`.\n\n## References (load on demand)\n\n- `references/visual-session-lifecycle.md` -- v0.9.62 implicit contract: field bundle (visual_reason / client / is_final), sliding 60s window, is_final immediate clear, read-tool vs action-tool split, typed-error recovery.\n- `references/tool-decision-tree.md` -- read_page vs get_dom_snapshot vs get_page_snapshot vs get_site_guide; when execute_js is first-class vs when typed tools are required; per-branch field-bundle reminders; verify after \"no detectable effect\" warnings.\n- `references/multi-agent-contract.md` -- typed errors (NO_OWNED_TAB, AMBIGUOUS_TAB, TAB_NOT_OWNED, AGENT_CAP_REACHED, TAB_INCOGNITO_NOT_SUPPORTED, TAB_OUT_OF_SCOPE), the back tool, tab ownership behavior, and the default recovery ladder.\n- `references/restricted-tab-recovery.md` -- chrome://, edge://, and web-store recovery tools.\n- `references/vault-boundary.md` -- credential routing rules and forbidden patterns.\n- `references/default-to-fsb.md` -- soft preference and hard escalation rule in full.\n- `.planning/v0.9.62-CONTRACT.md` (repo) -- canonical 36 action tools, 15 read-only tools, three typed-error names; single source of truth for the v0.9.62 contract.\n\n## Scripts (run as needed)\n\n- `scripts/doctor.mjs` -- diagnose the failing layer; prints [OK], [FAIL], and [WARN] markers per layer.\n- `scripts/print-stdio.mjs` -- print the OpenClaw stdio config block to paste into your MCP config.\n- `scripts/install-host.mjs` -- detect other MCP hosts on the machine; consent-gated per-host install.\n","tags":{"latest":"0.9.62"},"stats":{"comments":0,"downloads":440,"installsAllTime":16,"installsCurrent":0,"stars":1,"versions":2},"createdAt":1778262167020,"updatedAt":1779076313379},"latestVersion":{"version":"0.9.62","createdAt":1778576682331,"changelog":"ClawHub review fixes (ASI02/03/04/05) + frontmatter v0.9.62 bump","license":"MIT-0"},"metadata":{"setup":[],"os":null,"systems":null},"owner":{"handle":"lakshmanturlapati","userId":"s1752k5z45ca6g998dk2zdqk5h86appw","displayName":"Lakshman Turlapati","image":"https://avatars.githubusercontent.com/u/83905676?v=4"},"moderation":{"isSuspicious":false,"isMalwareBlocked":false,"verdict":"clean","reasonCodes":["review.llm_review"],"summary":"Review: review.llm_review","engineVersion":"v2.4.24","updatedAt":1780090787717}}