AutoClaw Browser Automation

Complete browser automation skill with MCP protocol support and Chrome extension

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 412 · 5 current installs · 5 all-time installs

by@addogiavara-tech

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

✓

Purpose & Capability

The code, manifest, and SKILL.md match the described purpose: a local MCP WebSocket server plus a Chrome extension that uses the Debugger/Bookmarks/Storage/CDP APIs to control the browser, read/write cookies/storage, take screenshots, and manage bookmarks. The included tools (evaluate JS, get cookies, attach tabs, etc.) are consistent with a full-featured browser automation skill.

ℹ

Instruction Scope

Runtime instructions ask the user to start a local Node MCP server and load the unpacked extension from a path under the user's profile (expected for this design). The runtime toolset includes highly sensitive actions (execute arbitrary JS in pages, read/set cookies/storage, read page content). The SKILL.md does not instruct explicit exfiltration, but enabling the extension + server grants capabilities that could access and transmit browsing data if misused.

✓

Install Mechanism

There is no automatic download/install spec in the registry entry — installation is instruction-driven (npm start + load unpacked extension). The included Node dependency (ws) comes from an npm mirror in package-lock, which is normal. No remote archive downloads or obscure URLs in the install flow were required by the package metadata.

Credentials

The skill requests no environment variables, which is fine, but the extension and server contain a hard-coded built-in token (present in README, options.js, server and extension code). The extension requests broad host_permissions ("<all_urls>") and powerful extension permissions (debugger, tabs, bookmarks, scripting), appropriate for deep automation but high privilege. Default settings in code/options (autoAttachAll default true; isAuthValid() overridden to always return true) and acceptance of the built-in token by the server increase the risk surface because authorization becomes effectively permanent unless the user explicitly reconfigures it.

Persistence & Privilege

Although registry flags (always:false) are normal, the plugin itself is designed to persist in the browser with permanent authorization (isAuthValid returns true). Defaults encourage 'auto attach all tabs' and the server stores logs under the user's home (~/.autoclaw/logs). Combined, these make long-lived, machine-local access to browsing data and actions likely after initial setup — this is coherent for an automation tool but elevates privilege and persistence compared to a short-lived helper.

What to consider before installing

This skill appears to implement what it claims (a local MCP server plus a Chrome extension) but contains several risky defaults you should review before installing: - Privileges: The extension requests and needs powerful Chrome permissions (debugger, scripting, bookmarks, cookies, tabs, <all_urls>). These let the extension read pages, execute JS, change cookies/storage, and control tabs — exactly what automation needs, but also what an attacker would use to exfiltrate data. - Hard-coded token & authorization: The server and extension include a built-in token in source. The server accepts that token (and a related token value). If you install without changing tokens, any local process that knows the token could connect to the MCP server. The extension also permanently treats itself as authorized (isAuthValid returns true), and UI defaults enable 'auto attach all tabs'. Consider changing tokens and turning off auto-attach. - Persistent logs: The MCP server writes logs and task/action history under ~/.autoclaw. These files may contain snapshots of page content, screenshots, or action arguments — review or sandbox them if they contain sensitive content. - Recommended mitigations before use: - Inspect and (preferably) run the server and extension in a disposable environment (VM or isolated profile) first. - Change the built-in token to a strong secret and verify the server only accepts your custom token. - Disable any 'auto attach all tabs' setting; require explicit attach per tab. - Review/limit host permissions if possible; only allow the extension on sites you trust. - Consider audit/logging: check ~/.autoclaw for stored data and set retention/cleanup per your privacy needs. - If you need remote bookmark classification (cloud mode), be aware that enabling cloud mode can send page/bookmark data to an external API; only configure a trusted endpoint and API key. Given these issues, treat the package as usable but high-risk unless you harden defaults and verify the code locally. If you want, provide specific files or lines you'd like me to inspect more deeply (e.g., the complete background.js or server.js) and I can point out exact spots to change.

✗

mcp/dist/server.js:2230

Shell command execution detected (child_process).

autoclaw-plugin/manifest.json:16

Install source points to URL shortener or raw IP.

mcp/dist/server.js:87

File read combined with network send (possible exfiltration).

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv6.1.2

Download zip

AutoClawvk97dwn3bwan9zcp7rbvwdw9ssx82y81cAutoClaw;autoclaw;auto browser;browser-automation;chrome-extension;puppeteer;selenium;playwright;web-automation;rpa;robotic-process-automation;headless-browser;web-scraping;browser-control;cdp;ai-agent;ai-automation;ai-tools;agentic-ai;mcp;automationvk978cy5sc0t6nya4jj0rfh090x82zjdhagentic-aivk97dwn3bwan9zcp7rbvwdw9ssx82y81cai-agentvk97dwn3bwan9zcp7rbvwdw9ssx82y81cai-automationvk97dwn3bwan9zcp7rbvwdw9ssx82y81cai-toolsvk97dwn3bwan9zcp7rbvwdw9ssx82y81cauto browservk97dwn3bwan9zcp7rbvwdw9ssx82y81cautoclawvk97dwn3bwan9zcp7rbvwdw9ssx82y81cautomationvk97dwn3bwan9zcp7rbvwdw9ssx82y81cbrowservk97ffbsdc1a9esm69vxtd08nmd8293pzbrowser-automationvk97dwn3bwan9zcp7rbvwdw9ssx82y81cbrowser-controlvk97dwn3bwan9zcp7rbvwdw9ssx82y81ccdpvk97dwn3bwan9zcp7rbvwdw9ssx82y81cchromevk978brcy5hzqda81vvy1vpkdw5826jf8chrome-extensionvk97dwn3bwan9zcp7rbvwdw9ssx82y81cheadless-browservk97dwn3bwan9zcp7rbvwdw9ssx82y81clatestvk97dwn3bwan9zcp7rbvwdw9ssx82y81cmcpvk97dwn3bwan9zcp7rbvwdw9ssx82y81cplaywrightvk97dwn3bwan9zcp7rbvwdw9ssx82y81cpuppeteervk97dwn3bwan9zcp7rbvwdw9ssx82y81crobotic-process-automationvk97dwn3bwan9zcp7rbvwdw9ssx82y81crpavk97dwn3bwan9zcp7rbvwdw9ssx82y81cscrapingvk97ffbsdc1a9esm69vxtd08nmd8293pzseleniumvk97dwn3bwan9zcp7rbvwdw9ssx82y81ctestingvk97ffbsdc1a9esm69vxtd08nmd8293pzwebvk97ffbsdc1a9esm69vxtd08nmd8293pzweb-automationvk97dwn3bwan9zcp7rbvwdw9ssx82y81cweb-scrapingvk97dwn3bwan9zcp7rbvwdw9ssx82y81cwebsocketvk978brcy5hzqda81vvy1vpkdw5826jf8

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AutoClaw Browser Automation Skill

Skill Overview

AutoClaw is a browser automation skill that provides comprehensive control over Chrome browser through MCP (Message Communication Protocol) communication with the browser extension.

Prerequisites

Before starting MCP service, ensure the following files exist in the correct directory:

options.js - Browser extension options page script
background.js - Extension background script handling WebSocket connections

File Location

%USERPROFILE%\.openclaw\skills\claw-browser\autoclaw-plugin\

🚀 v6.0.0 New Optimization Tools

Simplified DOM Retrieval

Tool	Description	Parameters
`claw_get_indexed_elements`	Get page simplified DOM (indexed interactive elements), data reduced by 90%+	`[useCache: boolean]`

Index Click

Tool	Description	Parameters
`claw_click_by_index`	Click element by index, more stable than CSS selector	`index: number`

Batch Operations

Tool	Description	Parameters
`claw_batch_execute`	Batch execute multiple CDP commands, reduce network round trips	`commands: array`

Smart Wait

Tool	Description	Parameters
`claw_smart_wait`	Smart wait: support wait for element/text/URL	`element/text/urlPattern, timeout`

Available Tools

⌨️ Keyboard Operations

Tool	Description	Parameters
`claw_press_key`	Press single key	`key: string`
`claw_press_combo`	Press key combination (e.g., Ctrl+C)	`keys: string`
`claw_type_text`	Type text with optional delay	`text: string, [delay: number]`
`claw_key_down`	Key down	`key: string`
`claw_key_up`	Key up	`key: string`

📸 Screenshot & Content Extraction

Tool	Description	Parameters
`claw_take_screenshot`	Capture screenshot of current page	`[fullPage: boolean]`
`claw_get_page_content`	Get page HTML or text content	`[type: html\|text]`
`claw_get_text`	Get text content of element	`selector: string`
`claw_get_html`	Get HTML content of element	`selector: string`
`claw_get_attribute`	Get element attribute value	`selector, attribute`
`claw_is_visible`	Check if element is visible	`selector: string`
`claw_is_enabled`	Check if element is enabled	`selector: string`

🖱️ Mouse & Scroll Operations

Tool	Description	Parameters
`claw_mouse_move`	Move mouse to coordinates	`x, y`
`claw_mouse_click`	Left click at coordinates	`[x, y]`
`claw_mouse_right_click`	Right click at coordinates	`[x, y]`
`claw_mouse_double_click`	Double click at coordinates	`[x, y]`
`claw_mouse_down`	Mouse button down	`button, x, y`
`claw_mouse_up`	Mouse button up	`[button]`
`claw_mouse_wheel`	Mouse wheel scroll	`[deltaX, deltaY]`
`claw_scroll`	Scroll page	`[x, y]`
`claw_fast_scroll_down`	Fast scroll down one screen	`[speed: number]`
`claw_fast_scroll_up`	Fast scroll up one screen	`[speed: number]`
`claw_hover_element`	Hover over element	`selector: string`
`claw_scroll_to_element`	Scroll element to viewport center	`selector: string`

📱 Touch & Swipe Operations (Mobile)

Tool	Description	Parameters
`claw_swipe_up`	Swipe up gesture (Douyin/TikTok)	`[distance: number]`
`claw_swipe_down`	Swipe down gesture	`[distance: number]`
`claw_swipe_left`	Swipe left gesture	`[distance: number]`
`claw_swipe_right`	Swipe right gesture	`[distance: number]`
`claw_tap`	Tap at specific position	`x, y`

📑 Tab Management

Tool	Description	Parameters
`claw_tab_create`	Create new browser tab	`[url, active]`
`claw_tab_close`	Close browser tab	`[tabId]`
`claw_tab_list`	List all open tabs	-
`claw_tab_switch`	Switch to specific tab	`tabId: number`
`claw_tab_reload`	Reload tab content	`[tabId]`
`claw_get_active_tab`	Get active tab information	-
`claw_attach_all_tabs`	Attach all tabs for control	-

📁 Bookmark Management

Tool	Description	Parameters
`claw_get_bookmarks`	Get all bookmarks (flat list)	-
`claw_get_bookmark_tree`	Get full bookmark tree structure	-
`claw_search_bookmarks`	Search bookmarks by keyword	`query: string`
`claw_create_bookmark`	Create new bookmark	`title, url, [parentId]`
`claw_update_bookmark`	Update bookmark title or URL	`id, [title, url]`
`claw_rename_bookmark`	Rename bookmark or folder	`id, title`
`claw_delete_bookmark`	Delete single bookmark	`id: string`
`claw_remove_folder`	Recursively delete bookmark folder	`id: string`
`claw_create_folder`	Create new bookmark folder	`title, [parentId]`
`claw_move_bookmark`	Move bookmark to another folder	`id, parentId`

🍪 Storage & Cookies

Tool	Description	Parameters
`claw_get_cookies`	Get cookies for domain	`[domain: string]`
`claw_set_cookies`	Set cookies	`cookies: array`
`claw_get_storage`	Get localStorage/sessionStorage	`[type, origin]`
`claw_set_storage`	Set storage value	`type, key, value`

🧪 JavaScript Execution

Tool	Description	Parameters
`claw_evaluate_js`	Execute JavaScript code in page	`expression: string`

⏳ Wait Operations

Tool	Description	Parameters
`claw_wait`	Wait specified milliseconds	`ms: number`
`claw_wait_for_element`	Wait for element to appear	`selector, [timeout]`
`claw_wait_for_text`	Wait for text to appear	`text, [timeout]`
`claw_wait_for_url`	Wait for URL pattern match	`urlPattern, [timeout]`
`claw_wait_for_navigation`	Wait for navigation completion	`[timeout]`
`claw_smart_wait`	Smart wait (NEW)	`element/text/urlPattern, timeout`

🔧 Element Operations

Tool	Description	Parameters
`claw_click_element`	Click page element (CSS selector)	`selector: string`
`claw_fill_input`	Fill input field with text	`selector, text`
`claw_clear_input`	Clear input field	`selector: string`
`claw_select_option`	Select dropdown option	`selector, value`
`claw_check`	Check checkbox	`selector: string`
`claw_uncheck`	Uncheck checkbox	`selector: string`
`claw_focus_element`	Focus on element	`selector: string`
`claw_upload_file`	Upload file to input	`selector, filePath`

🧠 Smart Operations (Enhanced)

Tool	Description	Parameters
`claw_smart_click`	Smart click: try selector→text→coordinates	`selector/text/x+y, timeout`
`claw_find_elements`	Query all matching elements on page	`selector, [limit]`
`claw_wait_and_click`	Wait for element then click	`selector, timeout, scrollIntoView`
`claw_get_page_structure`	Get page key structure summary	`includeLinks/Buttons/Inputs, maxItems`
`claw_batch_extract`	Batch extract multiple selector contents	`selectors, options`
`claw_extract_table`	Extract HTML table to JSON	`[selector, includeHeader]`
`claw_extract_list`	Extract list-type data	`containerSelector, fields, limit`

📊 Task & Log Operations

Tool	Description	Parameters
`claw_new_task`	Create new task	`[name: string]`
`claw_complete_task`	Complete task	`[success: boolean]`
`claw_switch_task`	Switch to specified task	`taskId: number`
`claw_list_tasks`	List all tasks	-
`claw_get_task_logs`	Get specified task logs	`[taskId, limit]`
`claw_get_action_logs`	Get current task action logs	`[limit]`

⚙️ Configuration & Status

Tool	Description	Parameters
`claw_get_status`	Get current system status	-
`claw_get_config`	Get full configuration	-
`claw_set_mode`	Set operation mode	`mode: local\|cloud\|auto`
`claw_health_check`	Perform health check	-
`claw_diagnose`	System diagnostics	`[full: boolean]`

🌐 Navigation Operations

Tool	Description	Parameters
`claw_navigate`	Open URL	`url, [newTab]`
`claw_open_urls`	Batch open multiple URLs	`urls, [delayMs]`
`claw_go_back`	Go back one page	-
`claw_go_forward`	Go forward one page	-
`claw_reload_page`	Reload page	`[hard: boolean]`

💾 Login Session Management

Tool	Description	Parameters
`claw_save_login_session`	Save current page login state	`name, [domain]`
`claw_restore_login_session`	Restore saved login state	`name: string`
`claw_list_login_sessions`	List all saved sessions	-

Configuration

MCP Port: 30000 (default, customizable)
Extension WebSocket: ws://127.0.0.1:{port}/extension
Built-in Token: autoclaw_builtin_Q0hpK2oV4F9tlwbYX3RELxiJNGDvayr8OPqZzkfs
Custom Token: Supported (leave empty to use built-in)

Installation Steps

1. Start MCP Server

cd %USERPROFILE%\.openclaw\skills\autoclaw_wboke\mcp
npm install  # First time only
npm start

2. Install Chrome Extension

Open chrome://extensions
Enable "Developer mode"
Click "Load unpacked"
Select autoclaw-plugin/ directory

3. Configure Extension

Click extension icon → Settings
Set port (default: 30000)
Enter custom Token (optional, leave empty for built-in)
Click "Save Settings" to authorize
Click "Attach All Tabs"

v6.0.0 Performance Optimization

Optimization	Before	After	Effect
CDP Domain	Enable all 4 domains each time	Enable only 2 base domains, others on-demand	Resource ↓30%
Connection Poll	Check every 5 seconds	Check every 30 seconds	CPU/Network ↓40%
Popup Poll	Refresh every 3 seconds	Refresh every 10 seconds	Battery/Resource ↓
DOM Cache	None	Reuse within 15 seconds	Repeat requests ↓50%

Project Structure

autoclaw_wboke/
├── SKILL.md                    # This documentation
├── README.md                   # Main documentation
├── mcp/                       # MCP Server
│   ├── package.json
│   ├── dist/server.js         # Compiled server (v5.2.0) ⭐
│   └── node_modules/
├── autoclaw-plugin/           # Chrome Extension
│   ├── manifest.json
│   ├── background.js          # Background script (v6.0.0) ⭐
│   ├── popup.js               # Popup UI
│   └── options.js             # Settings UI
└── scripts/                   # Automation script templates
    ├── 抖音点赞.json
    ├── 批量截图.json
    └── 自动搜索.json

Log Management

Log Directory: ~/.autoclaw/logs/
Retention: 30 days (auto-cleanup on server start)
Max Tasks: 100

Communication Protocol

MCP service runs on customizable port (default: 30000)
Browser extension communicates via WebSocket
Message format: JSON

Troubleshooting

Extension Not Connected

Verify MCP server is running
Click extension icon → Settings → Test Connection
Ensure authorization is not expired

"No Attached Tab" Error

Click "Attach All Tabs" in extension popup
Or manually click each tab to attach

Authorization Expired

Click extension icon → Settings
Click "Save Settings" to re-authorize

Performance Issues

v6.0.0 has optimized resource usage
Try restarting MCP service if issues persist

Usage Example

// Connect to MCP service
const WebSocket = require('ws');
const ws = new WebSocket('ws://localhost:30000');

ws.on('open', function() {
    // Navigate to webpage
    ws.send(JSON.stringify({
        action: 'navigate',
        url: 'https://www.example.com'
    }));
    
    // Get simplified DOM (recommended)
    ws.send(JSON.stringify({
        name: 'claw_get_indexed_elements',
        arguments: { useCache: true }
    }));
});

Error Handling

Connection Failure: Check if MCP service is running and port is available
Extension Not Loaded: Verify manifest.json exists and is properly formatted
Dependency Errors: Re-run npm install to install dependencies

Files

19 total

Select a file

Select a file to preview.

Comments

Loading comments…