slbrow-skill
v1.0.0Browser automation via SLBrow MCP and HTTP API. Use when the user needs to navigate pages, analyze content, manage tabs, search history, extract text, or con...
⭐ 0· 37·0 current·0 all-time
by@adeted
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (browser automation via SLBrow MCP/HTTP API) matches what the files implement: local HTTP endpoints on localhost:5556, tools for navigation, extraction, tabs, history, and VAI player controls. No unrelated env vars, binaries, or external services are requested.
Instruction Scope
SKILL.md instructs the agent to call a local SLBrow server and use a browser extension to access pages, selected text, and history — which is exactly the stated purpose. Be aware these tools permit reading page content, browser history, and selected text (sensitive user data); that sensitivity is expected but worth noting. The instructions do not direct reading arbitrary local files or sending data to remote hosts other than localhost.
Install Mechanism
No install spec is included (instruction-only plus shipped helper script). The included CLI script (scripts/slbrow.js) and tools.json are bundled with the skill; there are no external downloads, package installs, or extract-from-URL steps that would write or execute remote code.
Credentials
The skill requires no environment variables or credentials. It does, by design, interact with the user's browser via a local server/extension, which gives it access to browsing data; that access is proportionate to the claimed functionality but is a privacy-sensitive capability to grant.
Persistence & Privilege
always is false and no special persistence or system-wide config changes are requested. The skill can be invoked autonomously by the model (platform default) but does not claim elevated or permanent privileges over other skills or system settings.
Assessment
This skill implements local browser automation and is internally consistent with its description. Before installing: 1) Verify you trust the SLBrow server and the browser extension it requires — they can read page content, selected text, and browser history. 2) Ensure the SLBrow server is bound to localhost and not exposed to remote networks. 3) Review the included script (scripts/slbrow.js) and tools.json if you want to confirm no external endpoints are contacted. 4) Be cautious using the skill with sensitive accounts or pages (banking, SSO flows) because the tools can extract page content and history. 5) If you prefer the agent not to call this automatically, disable autonomous invocation at the platform level or only enable this skill when needed.scripts/slbrow.js:16
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.Like a lobster shell, security has layers — review code before you run it.
latest
SLBrow Browser Automation (Skills for Browser)
Skills for browser-side AI assistant. The browser plugin (aiassist) connects to slbrow-mcp via MCP protocol; these skills guide when and how to use the tools. Can be used via MCP tools or direct HTTP API calls with curl.
Prerequisites
- SLBrow server running:
npx slbrowornpm startinai/slbrowmcp/slbrow-mcp/ - Browser extension installed and connected (Chrome/Firefox)
- MCP plugin enabled in aiassist:
http://127.0.0.1:5556/mcp(视联浏览器MCP),http://127.0.0.1:5556/vaimcp(视联视频AI MCP) - Default ports: HTTP 5556, WebSocket 5555
Usage Methods
Method 1: MCP Tools (Browser Plugin + MCP)
When the MCP plugin is enabled, the AI has access to browser tools. Use these skills to guide tool selection and workflow:
- Navigation: Use
page_navigateto open URLs - Analysis: Use
page_analyzewith intent_hint (article, form submit, post_create) before extraction - Tabs: Use
tab_listfirst, then passtab_idto target specific tabs
Method 2: HTTP API with curl (Direct Control)
Always available - Use curl commands to control browser directly without MCP plugin dependency:
Basic format (PowerShell-friendly — no temp JSON file):
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"TOOL_NAME\",\"args\":{\"PARAM\":\"VALUE\"}}'
Important notes for Windows PowerShell:
- Use
curl.exeinstead ofcurl(PowerShell aliasescurltoInvoke-WebRequest) - Put the JSON body in
-d '...'with single quotes around the whole argument; backslash-escape every double quote in the JSON (\"). That way the shell passes valid JSON to curl without needing--data-binary @file
Common curl examples:
# Create new tab and navigate
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"tab_create\",\"args\":{\"url\":\"https://www.163.com\"}}'
# Navigate current tab
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"page_navigate\",\"args\":{\"url\":\"https://www.example.com\"}}'
# List all tabs
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"tab_list\",\"args\":{}}'
# Analyze page content
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"page_analyze\",\"args\":{\"intent_hint\":\"article\"}}'
# Extract article content
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"page_extract_content\",\"args\":{\"content_type\":\"article\"}}'
# Close specific tab
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"tab_close\",\"args\":{\"tab_id\":1234567890}}'
# Search browser history
curl.exe -X POST http://localhost:5556/api/execute -H 'Content-Type: application/json' -d '{\"tool\":\"get_history\",\"args\":{\"keywords\":\"search term\",\"max_results\":10}}'
Response format:
API returns JSON with success, tool, result, and formatted fields for easy parsing.
Available Tools
| Tool | Description |
|---|---|
page_navigate | Navigate current tab to URL |
page_analyze | Analyze page for elements (intent_hint: article, form submit, post_create, etc.) |
page_extract_content | Extract content (content_type: article, search_results, posts) |
page_wait_for | Wait for element or text (condition_type, selector, text) |
tab_create | Create tab(s) (url, urls[], or count) |
tab_close | Close tab(s) (tab_id, tab_ids[]) |
tab_list | List open tabs with IDs |
get_history | Search browser history (keywords, start_date, end_date, domains, max_results) |
get_selected_text | Get selected text (optional tab_id) |
get_page_links | Get page links (link_type: all/internal/external, domains, max_results) |
VAI Tools (Seelink)
| Tool | Description |
|---|---|
get_page_seelink_player_list | Get all players on current page |
use_seelink_players_ai | Apply AI function to players (ai_function_name: reduce_fog, face_mosaic, dark_reduce, human_outline, vechicle_outline, none) |
Workflow Patterns
Multi-tab workflow:
tab_listto get tab IDs- Add
tab_idto any tool to target a background tab
Content extraction:
page_navigateto target URLpage_analyzewith intent_hint to find elementspage_extract_contentfor article/search_results/posts
Form filling:
page_analyzewith intent_hint "form submit" to discover form elements- Note the element IDs returned — use them with subsequent
page_analyzeorpage_extract_contentto confirm state
VAI (Seelink player AI):
get_page_seelink_player_listto get player IDs and count- Choose targets by
player_position_list(zero-based index) orplayer_id_list(not both) use_seelink_players_aiwith chosen targets andai_function_name- To apply different functions to different players, call
use_seelink_players_aiseparately for each - To disable AI on a player, set
ai_function_nameto"none"
Fetching Skills in Browser
The browser plugin can fetch skills from the server to inject into AI context:
GET http://127.0.0.1:5556/api/skills
Returns the full SKILL.md content (text/markdown). Use when slbrow MCP plugins are enabled to guide tool usage.
API Reference
For full parameter schemas, see references/api-reference.md.
Additional resources
- One-page workflow checklist: SKILL_COMPACT.md
Error Handling
EXTENSION_DISCONNECTED: Ensure extension is installed and server is running. Checkhttp://localhost:5556/healthfirst.Tool call timeout: Operation took >30s; retry with simpler args or break into smaller steps.page_analyzereturns 0 elements: Page may still be loading — wait a moment and retry, orpage_navigateagain.tab_idinvalid (tab was closed): Calltab_listto refresh available tab IDs before retrying.- Server restarted (session lost): Client will receive 404; re-initialize MCP connection (refresh the page).
Quick Reference for curl Commands
Tab Management:
- Create tab:
tab_createwithurlparameter - List tabs:
tab_listwith empty args - Close tab:
tab_closewithtab_idparameter - Navigate:
page_navigatewithurlparameter
Content Analysis:
- Analyze page:
page_analyzewithintent_hint(article, form_submit, post_create) - Extract content:
page_extract_contentwithcontent_type(article, search_results, posts) - Get links:
get_page_linkswithlink_type(all, internal, external)
History & Text:
- Search history:
get_historywithkeywords,max_results - Get selected text:
get_selected_textwith optionaltab_id
Seelink AI:
- Get players:
get_page_seelink_player_list - Apply AI:
use_seelink_players_aiwithplayer_position_listorplayer_id_listandai_function_name
Troubleshooting
Server not responding:
- Check if SLBrow server is running:
curl.exe http://localhost:5556/health - Verify server is started with
npx slbrowornpm start
Curl command fails:
- Ensure using
curl.exein PowerShell - For
-d, use single-quoted JSON with\"around each JSON string delimiter (see Method 2 examples above) - Verify server is accessible on port 5556
Tab operations not working:
- Use
tab_listto get current tab IDs first - Verify tab_id is valid and tab still exists
- Check if browser extension is connected
Comments
Loading comments...