Browser Fu

v1.0.2

Fixes browser automation failures. Snapshot-first workflow + API discovery behind any website UI. Use when: 'browser not working', 'can't click', 'flaky UI',...

⭐ 1· 107·0 current·0 all-time

by@whooshinglander

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name and description match the SKILL.md: the skill is an instruction-only guide for snapshot-first browser automation and API discovery. It requests no binaries, env vars, or installs, which is consistent for an authoring/instructional skill of this purpose.

ℹ

Instruction Scope

Instructions stay within browser automation and API-discovery scope (snapshot→act cycles, network inspection, using web_fetch or curl). The doc explicitly recommends using cookies from a browser session for authenticated endpoints and demonstrates a curl example with a Cookie header; this is operationally necessary for some tasks but introduces a data-handling risk (exposing session tokens) if the agent or user mishandles them. The skill also mentions executing curl (shell/network calls), which is expected for API discovery but should be constrained to the target domain and explicit user approval when auth is required.

✓

Install Mechanism

Instruction-only skill with no install spec and no code files — lowest-risk install footprint. Nothing is downloaded or written to disk by the skill itself.

✓

Credentials

No environment variables, credentials, or config paths are required. The few references to cookies/sessions and a 'profile="user"' are relevant to browser automation and are proportionate to the stated purpose.

✓

Persistence & Privilege

always:false (not force-included) and normal model invocation settings. The skill does not request persistent system presence or modify other skills/configs.

Assessment

This skill is a how-to for more reliable browser automation and API discovery and appears internally consistent. Before using it: (1) avoid copying or exposing real session cookies, API keys, or passwords into curl commands or logs — authenticate only when necessary and prefer short-lived credentials; (2) confirm your agent/environment enforces the skill's safeguard (that it won't output or persist cookies/tokens); (3) when an API requires authentication, prefer using sanctioned credentials stored safely by the platform rather than pasting cookie headers manually; (4) test flows on public/non-sensitive pages first to verify behavior; and (5) do not use it to bypass CAPTCHAs or to automate payments or irreversible actions without explicit consent. If you want a higher-assurance review, provide platform-specific details about how your agent exposes browser session cookies and whether curl/exec calls are sandboxed so I can re-evaluate risk level.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dsns8wr6qvmmf9thfh7xty983gkye

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Browser Fu

License

Comments