Fast Browser Use 1.0.5

Rust-based Chrome automation for ultra-fast, token-efficient DOM extraction, session management, screenshots, infinite scroll harvesting, and sitemap analysis.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 383 · 4 current installs · 4 all-time installs

by@Makforce

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The code (Rust library, CLI, MCP server) implements the advertised browser automation, DOM extraction, sitemap analysis and session management. However the published registry metadata is inconsistent with SKILL.md: the top-level metadata listed no install spec and no required env vars, while SKILL.md declares install steps (brew/cargo) and requires CHROME_PATH. The SKILL.md wording like "Login & Cookie Heist" is a red flag in tone (it documents cookie/session export/import explicitly). Functionality itself (save/load session, CDP control) is coherent with the stated purpose, but the metadata/documentation mismatches and wording are suspicious.

!

Instruction Scope

SKILL.md explicitly advises techniques to bypass bot detection (mouse jitter and disabling automation flags) and includes a recipe to save and later reload session cookies (labelled as a "heist"). Those instructions direct the agent to persist and reuse authentication cookies and to run commands that defeat anti-bot measures — actions that enable abuse (account takeover, scraping behind login). The skill also includes an MCP server that can accept commands over stdio, SSE or HTTP (127.0.0.1) to control the browser; combined with autonomous invocation this expands the blast radius. The instructions also direct installs from a third-party Homebrew tap and cargo, and to read/write local session files — all outside a minimal scraping scope.

ℹ

Install Mechanism

SKILL.md recommends installing from a third-party Homebrew tap (rknoche6/tap/fast-browser-use) or via cargo. There is no download-from-arbitrary-URL pattern in the code. Using a third-party brew tap is a moderate risk (trust required) but consistent with publishing a Rust binary. Also: registry metadata incorrectly indicated "no install spec" while SKILL.md contains an install section — an inconsistency to resolve before installing.

ℹ

Credentials

The skill does not request cloud API keys or unrelated credentials. SKILL.md indicates CHROME_PATH (local browser path) is required, which is proportionate. However the skill reads/writes session files (cookies/auth.json) and can be pointed at CDP/WebSocket endpoints; those capabilities allow capturing and replaying authentication material — sensitive behavior that is functionally related but privacy/security-sensitive. Also the registry metadata omits CHROME_PATH while SKILL.md requires it (incoherent).

✓

Persistence & Privilege

always:false and default autonomous invocation (disable-model-invocation:false) are present. Autonomous invocation is expected for MCP plugins. The skill can run a local MCP server (stdio, SSE, HTTP on 127.0.0.1) to accept commands; this is normal for an automation tool but increases attack surface if the server is exposed or misconfigured. There is no evidence the skill forcibly persists itself into the agent beyond normal install behaviour.

What to consider before installing

This package appears to implement a legitimate, fast Chrome automation tool, but several issues merit caution: - Inconsistencies: registry metadata claims no install/requirements, yet SKILL.md lists install steps (brew/cargo) and requires CHROME_PATH. Confirm which metadata is authoritative before installing. - Sensitive capabilities: the skill documents saving and reloading browser session cookies and explicitly shows how to "steal the session." That is a legitimate convenience for automation but can be abused (account takeover, unauthorized scraping). Treat any saved session files (auth.json) as highly sensitive secrets. - Bot-evasion guidance: SKILL.md includes instructions to circumvent bot-detection (injecting mouse jitter, disabling automation flags). Using those techniques against protected sites may violate terms of service or laws. Review legal/privacy policies before using. - Install source: SKILL.md recommends a third-party Homebrew tap (rknoche6/tap). Installing binaries from third-party taps requires trust; prefer building from the included source (cargo build) and auditing the code paths that handle cookies, remote endpoints, and network I/O. - Exposure surface: the MCP server can open local HTTP/SSE endpoints (default binds to 127.0.0.1:3000) — ensure it is not inadvertently exposed to untrusted networks. If you are uneasy, disable autonomous invocation for the skill or run it in an isolated environment/container and avoid supplying sensitive session files. Practical next steps before installing: 1) Verify the repository and Homebrew tap URLs point to the expected author and check release integrity. 2) Audit the code paths around session saving/loading, cookie handling, and any network listeners the MCP server opens. 3) If you must test, build from source (cargo build --release) in an isolated environment and avoid loading sessions from other accounts. Do not run the MCP server on network interfaces reachable by untrusted hosts. 4) Consider disabling autonomous invocation (disable-model-invocation) while you evaluate, and limit file system access to only safe directories. Given the explicit instructions that facilitate session reuse and bot-evasion, treat this skill as potentially high-risk until you review and control its installation and runtime environment.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk976eqfxwwt56x3hzf8ftet0t581myp2

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Fastest Browser Use

A Rust-based browser automation engine that provides a lightweight binary driving Chrome directly via CDP. It is optimized for token-efficient DOM extraction, robust session management, and speed.

Terminal Demo

🧪 Recipes for Agents

1. Bypass "Bot Detection" via Human Emulation

Simulate mouse jitter and random delays to scrape protected sites.

fast-browser-use navigate --url "https://protected-site.com" \
  --human-emulation \
  --wait-for-selector "#content"

2. The "Deep Freeze" Snapshot

Capture the entire DOM state and computed styles for perfect reconstruction later.

fast-browser-use snapshot --include-styles --output state.json

3. Login & Cookie Heist

Log in manually once, then steal the session for headless automation.

Step 1: Open non-headless for manual login

fast-browser-use login --url "https://github.com/login" --save-session ./auth.json

Step 2: Reuse session later

fast-browser-use navigate --url "https://github.com/dashboard" --load-session ./auth.json

4. 🚜 Infinite Scroll Harvester

Extract fresh data from infinite-scroll pages — perfect for harvesting the latest posts, news, or social feeds.

# Harvest headlines from Hacker News (scrolls 3x, waits 800ms between)
fast-browser-use harvest \
  --url "https://news.ycombinator.com" \
  --selector ".titleline a" \
  --scrolls 3 \
  --delay 800 \
  --output headlines.json

Real output (59 unique items in ~6 seconds):

[
  "Genode OS is a tool kit for building highly secure special-purpose OS",
  "Mobile carriers can get your GPS location",
  "Students using \"humanizer\" programs to beat accusations of cheating with AI",
  "Finland to end \"uncontrolled human experiment\" with ban on youth social media",
  ...
]

Works on any infinite scroll page: Reddit, Twitter, LinkedIn feeds, search results, etc.

5. 📸 Quick Screenshot

Capture any page as PNG:

fast-browser-use screenshot \
  --url "https://example.com" \
  --output page.png \
  --full-page  # Optional: capture entire scrollable page

6. 🗺️ Sitemap & Page Structure Analyzer

Discover how a site is organized by parsing sitemaps and analyzing page structure.

# Basic sitemap discovery (checks robots.txt + common sitemap URLs)
fast-browser-use sitemap --url "https://example.com"

# Full analysis with page structure (headings, nav, sections)
fast-browser-use sitemap \
  --url "https://example.com" \
  --analyze-structure \
  --max-pages 10 \
  --max-sitemaps 5 \
  --output site-structure.json

Options:

--analyze-structure: Also extract page structure (headings, nav, sections, meta)
--max-pages N: Limit structure analysis to N pages (default: 5)
--max-sitemaps N: Limit sitemap parsing to N sitemaps (default: 10, useful for large sites)

Example output:

{
  "base_url": "https://example.com",
  "robots_txt": "User-agent: *\nSitemap: https://example.com/sitemap.xml",
  "sitemaps": ["https://example.com/sitemap.xml"],
  "pages": [
    "https://example.com/about",
    "https://example.com/products",
    "https://example.com/contact"
  ],
  "page_structures": [
    {
      "url": "https://example.com",
      "title": "Example - Home",
      "headings": [
        {"level": 1, "text": "Welcome to Example"},
        {"level": 2, "text": "Our Services"}
      ],
      "nav_links": [
        {"text": "About", "href": "/about"},
        {"text": "Products", "href": "/products"}
      ],
      "sections": [
        {"tag": "main", "id": "content", "role": "main"},
        {"tag": "footer", "id": "footer", "role": null}
      ],
      "main_content": {"tag": "main", "id": "content", "word_count": 450},
      "meta": {
        "description": "Example company homepage",
        "canonical": "https://example.com/"
      }
    }
  ]
}

Use this to understand site architecture before scraping, map navigation flows, or audit SEO structure.

⚡ Performance Comparison

Feature	Fast Browser Use (Rust)	Puppeteer (Node)	Selenium (Java)
Startup Time	< 50ms	~800ms	~2500ms
Memory Footprint	15 MB	100 MB+	200 MB+
DOM Extract	Zero-Copy	JSON Serialize	Slow Bridge

Capabilities & Tools

Vision & Extraction

vision_map: Returns a screenshot overlay with numbered bounding boxes for all interactive elements.
snapshot: Capture the raw HTML snapshot (YAML/Markdown optimized for AI).
screenshot: Capture a visual image of the page.
extract: Get structured data from the DOM.
markdown: Convert the current page content to Markdown.
sitemap: Analyze site structure via robots.txt, sitemaps, and page semantic analysis.

Navigation & Lifecycle

navigate: Visit a specific URL.
go_back / go_forward: Traverse browser history.
wait: Pause execution or wait for specific conditions.
new_tab: Open a new browser tab.
switch_tab: Switch focus to a specific tab.
close_tab: Close the current or specified tab.
tab_list: List all open tabs.
close: Terminate the browser session.

Interaction

click: Click elements via CSS selectors or DOM indices.
input: Type text into fields.
press_key: Send specific keyboard events.
hover: Hover over elements.
scroll: Scroll the viewport.
select: Choose options in dropdowns.

State & Debugging

cookies: Manage session cookies (get/set).
local_storage: Manage local storage data.
debug: Access console logs and debug information.

Usage

This skill is specialized for complex web interactions that require maintaining state (like being logged in), handling dynamic JavaScript content, or managing multiple pages simultaneously. It offers higher performance and control compared to standard fetch-based tools.

Files

70 total

Select a file

Select a file to preview.

Comments

Loading comments…