Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Oto Sessions

v1.0.1

Manage authenticated browser sessions for any website with Oto, enabling saving, listing, deleting, and automating multiple accounts without re-authenticating.

by Murat Bahar (@mbahar)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for mbahar/oto-sessions.

Install the skill "Oto Sessions" (mbahar/oto-sessions) from ClawHub.
Skill page: https://clawhub.ai/mbahar/oto-sessions
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install oto-sessions

ClawHub CLI

npx clawhub@latest install oto-sessions
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description claim session management; included scripts and docs all call into an Oto session-manager (~/oto/lib/session-manager). Requiring Node.js and Playwright and cloning the Oto repo is coherent with that purpose.
Instruction Scope
SKILL.md and scripts only instruct browser-based login, listing, deleting, launching, and checking local session files. They reference ~/oto or OTO_PATH and do not attempt to read unrelated system files or external endpoints beyond the Oto GitHub. The skill will run browsers and read/write session JSON files locally (expected).
Install Mechanism
There is no platform-level install spec; SKILL.md tells users to git clone https://github.com/mbahar/oto.git and run npm install. Using GitHub and npm is normal, but npm install will fetch Playwright and other dependencies — you should review the Oto repository and its dependency tree before running npm install.
Credentials
The skill itself declares no required env vars or credentials. It uses an optional OTO_PATH to locate the Oto framework (documented). No unrelated secrets or cloud credentials are requested by the skill.
Persistence & Privilege
always is false and the skill does not claim elevated or persistent platform privileges. It installs by copy into ~/.openclaw/skills/ and does not modify other skills or system-wide configs.
Assessment
This skill is coherent: it wraps an external Oto framework to manage local browser sessions and includes small CLI wrappers that call into that framework. Before installing, review and trust the referenced Oto repository (https://github.com/mbahar/oto) and its package.json/dependencies because npm install will download Playwright and other packages that run native code. Confirm session files will be stored locally and protected (SKILL.md claims chmod 600 and local-only storage). If you share a machine, be aware that a running browser session can access any accounts you have logged into in that browser. If you need higher assurance, inspect ~/oto/lib/session-manager and the npm dependency tree (npm audit) before use.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/launch-session.js:13: Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.

64 downloads · 0 stars · 2 versions · Updated 2w ago · v1.0.1 · MIT-0

Oto Sessions Skill

Platform-agnostic browser session management for AI automation agents.

Oto solves the hardest part of browser-based automation: staying logged in. It manages authenticated sessions for any website, with full multi-user and multi-account support — so AI agents and scripts can access any platform without re-authenticating.

What This Skill Does

This skill wraps the Oto CLI tools to provide a seamless workflow for:

  • Saving sessions — Log in once manually, then reuse forever
  • Listing sessions — See all your saved platform:account pairs
  • Deleting sessions — Remove sessions you no longer need
  • Launching automation — Start fully authenticated browser sessions
  • Multi-account support — Switch between personal, business, or multiple accounts on the same platform

Installation

1. Clone and install Oto

git clone https://github.com/mbahar/oto.git ~/oto
cd ~/oto && npm install

Oto will create ~/oto/sessions/ (local, git-ignored) to store encrypted sessions.

2. Install this skill

cp -r oto-sessions ~/.openclaw/skills/

Once installed, your agent will automatically:

  • Prompt you to save sessions when needed
  • Reuse saved sessions for all automation tasks
  • Switch between accounts seamlessly

Requirements

  • Node.js 18+
  • Playwright (installed by npm install)
  • A machine with a display (browser automation needs a screen for login flows)

Usage Patterns

Pattern 1: Save a New Session

When you need to authenticate on a website:

# Opens browser for manual login, saves session when you press Enter
node ~/oto/scripts/save-session.js amazon https://www.amazon.com work

# Session saved as amazon:work — ready to reuse

In automation code:

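// require() does not expand "~"; resolve the Oto checkout explicitly (OTO_PATH overrides ~/oto)
const OTO = process.env.OTO_PATH || require('path').join(require('os').homedir(), 'oto');
const { launchSession } = require(`${OTO}/lib/session-manager`);

(async () => {
  // Launch with saved session — already authenticated, no login wall
  const { page, save } = await launchSession('amazon', 'work');

  // Go straight to authenticated pages
  await page.goto('https://www.amazon.com/orders');

  // Do stuff...

  // Save updated session back
  await save();
})();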

Pattern 2: List All Sessions

node ~/oto/scripts/list-sessions.js

# Output:
# 📦 Saved Sessions
# 
#   Platform         Account          Saved
#   ─────────────────────────────────────────
#   amazon           work            Apr 3, 9:00 AM
#   amazon           personal         Apr 3, 9:05 AM
#   tiktok           work            Apr 3, 9:10 AM

Pattern 3: Delete a Session

# Delete specific account on a platform
node ~/oto/scripts/delete-session.js amazon work

# Delete default account
node ~/oto/scripts/delete-session.js tiktok

Pattern 4: Multi-Account Automation

Run against multiple accounts simultaneously:

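// require() does not expand "~"; resolve the Oto checkout explicitly (OTO_PATH overrides ~/oto)
const OTO = process.env.OTO_PATH || require('path').join(require('os').homedir(), 'oto');
const { launchSession } = require(`${OTO}/lib/session-manager`);

(async () => {
  // Load both accounts
  const personal = await launchSession('amazon', 'personal');
  const business = await launchSession('amazon', 'work');

  // Each runs independently
  await personal.page.goto('https://www.amazon.com/orders');
  await business.page.goto('https://sellercentral.amazon.com');

  // Work with both...

  await personal.save();
  await business.save();
})();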

Pattern 5: Check Before Using

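// require() does not expand "~"; resolve the Oto checkout explicitly (OTO_PATH overrides ~/oto)
const OTO = process.env.OTO_PATH || require('path').join(require('os').homedir(), 'oto');
const { launchSession, hasSession } = require(`${OTO}/lib/session-manager`);

if (!hasSession('tiktok', 'work')) {
  console.log('Session missing. Run:');
  console.log('  node ~/oto/scripts/save-session.js tiktok https://tiktok.com/login work');
  process.exit(1);
}

(async () => {
  // Safe to use
  const { page } = await launchSession('tiktok', 'work');
})();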

Pattern 6: Debug Mode (Connect to Running Browser)

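// require() does not expand "~"; resolve the Oto checkout explicitly (OTO_PATH overrides ~/oto)
const OTO = process.env.OTO_PATH || require('path').join(require('os').homedir(), 'oto');
const { connectDebugBrowser } = require(`${OTO}/lib/session-manager`);

(async () => {
  // Connect to Chrome running with --remote-debugging-port=9222
  // The DevTools port is unauthenticated: keep it bound to 127.0.0.1
  const { browser, page } = await connectDebugBrowser();

  // Control it — already logged into whatever you have open
  await page.goto('https://some-authenticated-page.com');
})();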

Session ID Format

Sessions are stored as platform:account:

ID                  Meaning
amazon:work         Amazon, work account
amazon:personal     Amazon, personal account
tiktok:work         TikTok, work account
indeed:personal     Indeed, Personal's employer account
poshmark:personal   Poshmark, personal account
shopify:work        Shopify, business account
myapp:alice         Any app, Alice's account

You define the names. Oto doesn't know or care what the platform actually is — it's purely for your organization.

Common Examples

Amazon (Personal & Business)

# Save personal account
node ~/oto/scripts/save-session.js amazon https://www.amazon.com personal

# Save business account (Work)
node ~/oto/scripts/save-session.js amazon https://www.amazon.com work

In automation code (inside an async function):
const personal = await launchSession('amazon', 'personal');
const business = await launchSession('amazon', 'work');

TikTok Shop

node ~/oto/scripts/save-session.js tiktok https://www.tiktok.com/login work
node ~/oto/scripts/save-session.js tiktok https://www.tiktok.com/login personal

# List what we have
node ~/oto/scripts/list-sessions.js

eBay (Multi-Seller)

node ~/oto/scripts/save-session.js ebay https://signin.ebay.com work
node ~/oto/scripts/save-session.js ebay https://signin.ebay.com personal

Automate on both (inside an async function):
const workSession = await launchSession('ebay', 'work');
const personalSession = await launchSession('ebay', 'personal');

Shopify Admin

node ~/oto/scripts/save-session.js shopify https://accounts.shopify.com work

In automation code (inside an async function):
const { page } = await launchSession('shopify', 'work');
await page.goto('https://admin.shopify.com/');

APIs

Session Manager Exports

launchSession(platform, account = 'default', headless = true)

Launches a browser context with saved session cookies/storage. Returns:

{
  browser,        // Playwright browser instance
  context,        // Browser context
  page,           // Current page
  platform,       // Platform name
  account,        // Account name
  isAuthenticated, // Boolean: was session found?
  save()          // Async function to save updated session
}

hasSession(platform, account = 'default')

Boolean check if session exists.

listSessions()

Returns array of all saved sessions with metadata:

[
  {
    key: 'amazon:work',
    platform: 'amazon',
    account: 'work',
    url: 'https://www.amazon.com',
    savedAt: '2025-04-03T12:00:00Z',
    label: 'amazon:work'
  },
  // ...
]

deleteSession(platform, account = 'default')

Permanently delete a session (requires confirmation).

connectDebugBrowser()

Connect to a running Chrome instance for manual debugging/testing.

Security

  • Sessions are local-only — stored in ~/oto/sessions/
  • Never committed to git: .gitignore blocks all session files
  • File permissions — each session is chmod 600 (owner only)
  • Safe to fork — clone the code, bring your own sessions
  • No API keys embedded — you control all credentials
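
The storage claims in the list above can be checked on disk rather than taken on trust. The Node.js script below is an added example, not part of Oto or this skill; it assumes the ~/oto/sessions/ layout (or OTO_PATH) described on this page, and auditSessions and sessionsDir are names introduced here.

```javascript
// Added example: audit the Oto sessions directory for permission drift.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Assumption: sessions live in $OTO_PATH/sessions or ~/oto/sessions, as this page describes.
function sessionsDir() {
  const root = process.env.OTO_PATH || path.join(os.homedir(), 'oto');
  return path.join(root, 'sessions');
}

// auditSessions is a name introduced for this example.
// Returns [{ file, issue }]; an empty array means every check passed.
function auditSessions(dir = sessionsDir()) {
  const findings = [];
  if (!fs.existsSync(dir)) return findings; // nothing saved yet
  const add = (file, issue) => findings.push({ file, issue });
  const uid = typeof process.getuid === 'function' ? process.getuid() : null;

  // The directory itself should not be listable or writable by group/other.
  if (fs.lstatSync(dir).mode & 0o077) add(dir, 'directory is accessible to group/other');

  for (const name of fs.readdirSync(dir).sort()) {
    const file = path.join(dir, name);
    const st = fs.lstatSync(file);
    if (st.isSymbolicLink()) {
      add(file, 'symlink (target may sit outside sessions/)');
      continue;
    }
    if (!st.isFile()) continue;
    const mode = st.mode & 0o777;
    if (mode & 0o077) add(file, `mode ${mode.toString(8)} is looser than 600`);
    if (uid !== null && st.uid !== uid) add(file, `owned by uid ${st.uid}, not the current user`);
  }
  return findings;
}

if (typeof module !== 'undefined' && require.main === module) {
  const findings = auditSessions();
  for (const f of findings) console.log(`${f.file}: ${f.issue}`);
  process.exitCode = findings.length ? 1 : 0;
}
```

Run stand-alone, it prints one line per finding and exits non-zero if any session file or the directory is readable beyond its owner.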

Architecture

Oto Framework
├── lib/session-manager.js    # Core session APIs
├── scripts/
│   ├── save-session.js       # Interactive login + capture
│   ├── list-sessions.js      # Show all sessions
│   └── delete-session.js     # Remove a session
└── sessions/                 # Local storage (git-ignored)
    ├── amazon--work.json
    ├── amazon--personal.json
    └── registry.json

Workflow for Agents

  1. Check if session exists:

    // require() does not expand "~"; resolve the Oto checkout explicitly (OTO_PATH overrides ~/oto)
    const OTO = process.env.OTO_PATH || require('path').join(require('os').homedir(), 'oto');
    const { hasSession, launchSession } = require(`${OTO}/lib/session-manager`);
    if (!hasSession('amazon', 'work')) { /* prompt */ }
    
  2. If missing, prompt user:

    You'll need to create a session first:
    node ~/oto/scripts/save-session.js amazon https://www.amazon.com work
    
  3. If exists, launch and automate (inside an async function):

    const { browser, page, save } = await launchSession('amazon', 'work');
    // Automate...
    await save();
    
  4. After task, save updated session:

    await save();  // Persist any new cookies/storage
    await browser.close();
    

Troubleshooting

Q: Browser launches but login doesn't work

A: Some sites block headless browsers. Try:

const { page } = await launchSession('amazon', 'work', false); // third argument: headless = false

Q: Session expires after a few days

A: Many sites invalidate cookies after inactivity. Save a fresh session when needed:

node ~/oto/scripts/save-session.js amazon https://www.amazon.com work

Q: Can't find my sessions

A: List them:

node ~/oto/scripts/list-sessions.js

Sessions are in ~/oto/sessions/ with filenames like platform--account.json.

Q: How do I use multiple accounts simultaneously?

A: Load them both:

const a = await launchSession('amazon', 'work');
const b = await launchSession('amazon', 'personal');
// Both run independently


Built and maintained by the Oto community (@mbahar).
