ClawHub

Tinyfish Browser

v1.0.0

Spin up a remote browser session via the TinyFish Browser API and get a CDP URL for driving it. Use when you need an automatable Chromium session (Playwright...

0· 116·0 current·0 all-time
byVal Alexander@bunsdev

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for bunsdev/tinyfish-browser.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Tinyfish Browser" (bunsdev/tinyfish-browser) from ClawHub.
Skill page: https://clawhub.ai/bunsdev/tinyfish-browser
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: TINYFISH_API_KEY
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install tinyfish-browser

ClawHub CLI

Package manager switcher

npx clawhub@latest install tinyfish-browser
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name, description, SKILL.md, and helper script all consistently call the TinyFish Browser API and require TINYFISH_API_KEY. Minor inconsistency: the file scripts/browser.sh invokes curl and python3 but the registry metadata lists no required binaries.
Instruction Scope
SKILL.md instructs only to verify the API key is present and to POST the target URL to the TinyFish API, then return the session_id/cdp_url/base_url. It does not instruct reading unrelated files or environment variables and does not direct data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only plus a small helper script). Nothing is downloaded or written during install; risk from install mechanism is low.
Credentials
The only required secret is TINYFISH_API_KEY, which is appropriate for an API-based browser service. The SKILL.md and script use the key only to authenticate requests to api.browser.tinyfish.ai.
Persistence & Privilege
always is false and the skill does not request any permanent system presence or modify other skills' configs. Autonomous invocation (default) is allowed but not combined with other concerning factors.
Assessment
This skill appears to do exactly what it says: it sends the given URL to TinyFish and returns a CDP websocket URL and session info. Before installing, confirm you trust tinyfish.ai and are comfortable sending a dedicated API key to their api.browser.tinyfish.ai endpoint. Create a scoped/revocable API key if possible. Note the helper script uses curl and python3 even though the registry metadata lists no required binaries—ensure those are available in your runtime. Treat TINYFISH_API_KEY as a secret (do not share it), and consider reviewing TinyFish's privacy and session lifetime policies since the returned cdp_url and base_url are authenticated endpoints that allow remote driving of a browser session.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

EnvTINYFISH_API_KEY
latestvk976rbtjxwet07cwhfsn85fmc185661x
116downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
Val Alexander@bunsdev
latest
Download

TinyFish Browser

Create a remote Chromium browser session. Returns a session_id, a cdp_url for driving the browser over the DevTools Protocol, and an authenticated base_url for polling session state.

Requires: TINYFISH_API_KEY environment variable.

Pre-flight Check (REQUIRED)

Before calling the API, verify the key is present:

[ -n "$TINYFISH_API_KEY" ] && echo "TINYFISH_API_KEY is set" || echo "TINYFISH_API_KEY is NOT set"

If the key is not set, stop and ask the user to add it. Get one at https://agent.tinyfish.ai/api-keys. Do NOT fall back to other browser tools.

Create a Session

curl -X POST "https://api.browser.tinyfish.ai" \
  -H "X-API-Key: $TINYFISH_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{ "url": "https://example.com" }'

Helper Script

scripts/browser.sh <url> wraps the curl call:

scripts/browser.sh https://example.com

Response Shape

{
  "session_id": "sess_abc123",
  "cdp_url": "wss://browser.tinyfish.ai/devtools/browser/…",
  "base_url": "https://api.browser.tinyfish.ai/sessions/sess_abc123"
}

Using the Session

  • cdp_url is a DevTools Protocol websocket — connect with Playwright/Puppeteer/chrome-remote-interface to drive the page.
  • base_url is an authenticated polling endpoint (requires the X-API-Key header). It is NOT browsable in a normal web view.

Session Lifecycle

Sessions auto-close after ~1 hour of idleness. There is no explicit terminate endpoint — avoid creating one session per user action; reuse sessions keyed by target URL when possible.

Comments

Loading comments...