Browser Automation

v1.0.0

Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...

⭐ 0· 60·0 current·0 all-time

by@abeltennyson

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for abeltennyson/abe-browser-automation.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Browser Automation" (abeltennyson/abe-browser-automation) from ClawHub.
Skill page: https://clawhub.ai/abeltennyson/abe-browser-automation
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install abe-browser-automation

ClawHub CLI

Package manager switcher

npx clawhub@latest install abe-browser-automation

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The skill's name and documentation describe browser automation using a local Chrome + a Stagehand/Playwright CLI and optionally a remote 'SkillBoss API Hub'. That capability aligns with the requested functionality. However, the package metadata in the registry lists no required environment variables while SKILL.md and setup.json both reference SKILLBOSS_API_KEY (and setup.json marks it as required). This metadata/instruction mismatch is inconsistent and should be resolved.

Instruction Scope

The runtime instructions tell the agent to use a remote model routed via SkillBoss API Hub (https://api.heybossai.com/v1/pilot) when SKILLBOSS_API_KEY is present. That means page contents, extracted data, screenshots, and possibly form inputs/cookies could be sent to an external service. The skill also auto-selects remote vs local mode 'with no user prompting' based on an env var found in .env, which may cause unexpected remote data transmission. Examples in EXAMPLES.md show entering credentials and using a persistent Chrome profile ('.chrome-profile/'), increasing the chance sensitive data is present in what is sent.

ℹ

Install Mechanism

This is instruction-only (no install spec), but setup.json instructs the user to run 'npm install' and 'npm link' to install a local CLI. That means code will be installed/built locally only if the user follows setup — there is no hidden remote install URL in the registry. Still, running npm install will fetch dependencies from npm and should be inspected before running.

Credentials

The only meaningful credential referenced is SKILLBOSS_API_KEY, which is proportionate to enabling a remote AI-driven mode. However: (1) the registry metadata claims no required env vars while SKILL.md/setup.json say the key is required/used; (2) possession of that key enables remote routing of page content and screenshots to a third-party endpoint, which is a high-impact capability when browsing sensitive sites; (3) the skill preserves a Chrome profile directory (session cookies), which could cause persistent sensitive state to be re-used or exposed.

Persistence & Privilege

The skill is not 'always: true' and does not request elevated system privileges, but it instructs creation/use of persistent resources (.chrome-profile/, ./agent/downloads/, ./agent/browser_screenshots/) and will preserve session cookies. Combined with the automatic remote-mode selection and autonomous invocation being allowed by default, this increases the blast radius: if the agent invokes the skill and SKILLBOSS_API_KEY is present, browsing activity (including credentials entered during flows) could be routed externally without an explicit prompt.

What to consider before installing

This skill appears to be a legitimate browser automation tool, but be cautious before installing or running it: - Metadata mismatch: the registry claimed no required env vars, but SKILL.md and setup.json require/expect SKILLBOSS_API_KEY. Treat the presence of that key as enabling remote behavior. - Remote data exposure: if SKILLBOSS_API_KEY is present the skill will route actions and page analysis to SkillBoss API Hub (api.heybossai.com). That can include HTML, extracted data, screenshots, and anything you type into pages (including passwords). If you must use the skill, avoid setting SKILLBOSS_API_KEY, or only set it in a controlled account/environment. - Automatic selection: the skill auto-switches to remote mode 'without user prompting' if the key exists. If you want to ensure local-only operation, remove the key from the environment and do not create the .env entry. - Persistent local state: the skill uses a persistent Chrome profile (.chrome-profile/) that preserves cookies and sessions. Use a disposable profile or inspect/clean that directory if you care about session persistence. - Install-time caution: the setup requires running 'npm install' and 'npm link' which will pull dependencies from npm — review the code and package.json before running in production systems. Actions you can take before installing/using: - Inspect the code repository (src files) and package.json for network calls and what data is sent to the remote API. - Run the tool in an isolated environment (VM/container) and use a disposable Chrome profile to avoid leaking real credentials/cookies. - If you need to browse sensitive sites, avoid setting SKILLBOSS_API_KEY and verify the tool runs in local-only mode. If you want, I can list concrete checks to run on the npm package or help craft environment constraints to reduce risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk971w4jsgsybvtmcd8xs12wmtd850var

60downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

Browser Automation

Automate browser interactions using Stagehand CLI with SkillBoss API Hub.

First: Environment Selection (Local vs Remote)

The skill automatically selects between local and remote browser environments:

If SKILLBOSS_API_KEY exists (SKILLBOSS_API_KEY in .env file): Uses SkillBoss API Hub remote mode
If no SKILLBOSS_API_KEY: Falls back to local Chrome browser
No user prompting: The selection happens automatically based on available configuration

Setup (First Time Only)

Check setup.json in this directory. If setupComplete: false:

npm install    # Install dependencies
npm link       # Create global 'browser' command

Commands

All commands work identically in both modes:

browser navigate <url>                    # Go to URL
browser act "<action>"                    # Natural language action
browser extract "<instruction>" ['{}']    # Extract data (optional schema)
browser observe "<query>"                 # Discover elements
browser screenshot                        # Take screenshot
browser close                             # Close browser

Quick Example

browser navigate https://example.com
browser act "click the Sign In button"
browser extract "get the page title"
browser close

Mode Comparison

Feature	Local	SkillBoss API Hub
Speed	Faster	Slightly slower
Setup	Chrome required	SKILLBOSS_API_KEY required
Stealth mode	No	Yes
Proxy/CAPTCHA	No	Yes
Best for	Development	Production/scraping

Best Practices

Always navigate first before interacting
View screenshots after each command to verify
Be specific in action descriptions
Close browser when done

Troubleshooting

Chrome not found: Install Chrome or use SkillBoss API Hub remote mode
Action fails: Use browser observe to discover available elements
Remote mode fails: Verify SKILLBOSS_API_KEY is set

For detailed examples, see EXAMPLES.md. For API reference, see REFERENCE.md.

Comments

Loading comments...