Browser Automation Ultra

Zero-token browser automation via Playwright scripts with CDP lock management and human-like interaction. Use when: (1) automating any browser-based workflow...

copies: implexa run clawhub/browser-automation-ultra

view source

installs

stars

karma

SkillRank score ↗

7.3/ 10

evaluated by implexa, claude-haiku-4-5 · 2026-05-26

browser-automation-ultra converts expensive browser interactions into zero-token playwright scripts that share openclaw's chrome session via CDP mutex lock. handles anti-detection with human-like interaction patterns and provides production example scripts for common platforms.

structure

9.0

trigger phrases

6.0

procedure

8.0

edge cases

6.0

documentation

8.0

view original SKILL.md from clawhubclick to expand

---
name: browser-automation-ultra
description: "Zero-token browser automation via Playwright scripts with CDP lock management and human-like interaction. Use when: (1) automating any browser-based workflow (publish, login, scrape, fill forms), (2) reducing token cost by converting browser-tool explorations into replayable scripts, (3) avoiding CDP port conflicts between OpenClaw browser and Playwright, (4) needing anti-detection/human-like mouse/keyboard behavior for platforms with bot detection. NOT for: simple URL fetches (use web_fetch instead), tasks that don't need a real browser session."
---

# Browser Automation Ultra

Explore → Record → Replay → Fix. Convert expensive browser-tool interactions into zero-token Playwright scripts that reuse OpenClaw's Chrome session (cookies/login intact).

## Prerequisites

Install Playwright (once per machine):

```bash
npm install -g playwright
# or in workspace: npm init -y && npm install playwright
```

No browser download needed — scripts connect to OpenClaw's existing Chrome via CDP.

## Architecture

```
Chrome user-data: ~/.openclaw/browser/openclaw/user-data
       ↕ shared cookies/login (mutually exclusive CDP)
┌──────────────┐    ┌──────────────────┐
│ browser tool │ OR │ Playwright script │
│ (explore)    │    │ (zero token)      │
└──────────────┘    └──────────────────┘
       ↕ managed by browser-lock.sh
```

Only one CDP client can connect at a time. `browser-lock.sh` handles the mutex.

## Setup

1. Copy `scripts/browser-lock.sh` to your workspace `scripts/` directory
2. Copy `scripts/utils/human-like.js` to your workspace `scripts/browser/utils/`
3. `chmod +x scripts/browser-lock.sh`
4. Create `scripts/browser/` for your automation scripts

## Core Workflow

### 1. Explore (browser tool, costs tokens)

Use the OpenClaw `browser` tool (snapshot/act) to figure out a workflow. Note selectors, page flow, key waits.

### 2. Record (write a Playwright script)

Convert steps into a script. Save to `scripts/browser/<verb>-<target>.js`. Use the template pattern:

```javascript
const { chromium } = require('playwright');
const { humanDelay, humanClick, humanType, humanThink, humanBrowse } = require('./utils/human-like');

function discoverCdpUrl() {
  try {
    const { execSync } = require('child_process');
    const ps = execSync("ps aux | grep 'remote-debugging-port' | grep -v grep", { encoding: 'utf8' });
    const match = ps.match(/remote-debugging-port=(\d+)/);
    return `http://127.0.0.1:${match ? match[1] : '18800'}`;
  } catch { return 'http://127.0.0.1:18800'; }
}

async function main() {
  const browser = await chromium.connectOverCDP(discoverCdpUrl());
  const context = browser.contexts()[0]; // reuse existing context (cookies/login)
  const page = await context.newPage();
  try {
    // automation here — use human-like functions
    await page.goto('https://example.com', { waitUntil: 'networkidle', timeout: 30000 });
    await humanBrowse(page); // simulate looking at the page
    await humanClick(page, 'button.submit');
    await humanType(page, 'input[name="title"]', 'Hello World');
  } finally {
    await page.close(); // NEVER browser.close() — kills entire Chrome
  }
}
main().then(() => process.exit(0)).catch(e => { console.error('❌', e.message); process.exit(1); });
```

### 3. Replay (zero tokens)

```bash
./scripts/browser-lock.sh run scripts/browser/my-task.js [args]
./scripts/browser-lock.sh run --timeout 120 scripts/browser/my-task.js
```

### 4. Fix (on error)

1. Read script error output
2. Re-explore the failing step with `browser` tool (snapshot) to check current UI
3. Update script with corrected selectors/logic
4. Retry

**Never guess fixes blindly. Always re-explore the actual page state.**

## browser-lock.sh

Manages CDP mutex between OpenClaw browser and Playwright scripts.

```bash
./scripts/browser-lock.sh run <script.js> [args]    # acquire → run → release (300s default)
./scripts/browser-lock.sh run --timeout 120 <script> # custom timeout
./scripts/browser-lock.sh acquire                    # manual: stop OpenClaw browser, start Chrome
./scripts/browser-lock.sh release                    # manual: kill Chrome, release lock
./scripts/browser-lock.sh status                     # show state
```

Lock file: `/tmp/openclaw-browser.lock`. Stale locks auto-recover.

## Anti-Detection Rules (MANDATORY)

All scripts **must** use `human-like.js`. See [references/anti-detection.md](references/anti-detection.md) for the full rule set.

Summary of critical rules:

| ❌ Banned | ✅ Required |
|-----------|------------|
| `waitForTimeout(3000)` fixed delays | `humanDelay(2000, 4000)` random range |
| `input.fill(text)` instant fill | `humanType(page, sel, text)` char-by-char with typos |
| `element.click()` teleport click | `humanClick(page, sel)` bezier mouse path + hover |
| Direct page operation after load | `humanBrowse(page)` simulate reading first |
| `nativeSetter.call()` DOM injection | `humanType()` or `humanFillContentEditable()` |
| Fixed cron schedule | `jitterWait(1, 10)` random offset |

**Exception:** `setInputFiles()` for file uploads is allowed (no human simulation possible), but add random delays before/after.

## human-like.js API

| Function | Purpose |
|----------|---------|
| `humanDelay(min, max)` | Random wait (ms) |
| `humanThink(min, max)` | Longer pause before form fills |
| `humanClick(page, sel)` | Bezier mouse move → hover → click with press/release jitter |
| `humanType(page, sel, text, opts)` | Char-by-char typing, normal distribution speed, 3% typo rate |
| `humanFillContentEditable(page, sel, text)` | For contenteditable divs (line-by-line Enter + humanType) |
| `humanBrowse(page, opts)` | Simulate page reading (scroll + mouse wander, 2-5s) |
| `humanScroll(page, opts)` | Random scroll with occasional reverse |
| `jitterWait(minMin, maxMin)` | Random delay in minutes for cron tasks |

## Script Naming Convention

`<verb>-<target>.js` — e.g. `publish-deviantart.js`, `read-inbox.js`, `reply-comment.js`

## Example Scripts

Production-tested scripts in `scripts/examples/`. Copy to your workspace `scripts/browser/` and adapt.

| Script | Platform | Function |
|--------|----------|----------|
| `publish-deviantart.js` | DeviantArt | Upload image, fill title/desc/tags, submit |
| `publish-xiaohongshu.js` | 小红书 | Publish image note with topic tag association via recommend list |
| `publish-pinterest.js` | Pinterest | Create pin with title/desc, select board |
| `publish-behance.js` | Behance | Upload project with title/desc/tags/categories |
| `read-proton-latest.js` | Proton Mail | Read inbox, output JSON list of emails |
| `read-xhs-comments.js` | 小红书 | Read notification comments, output JSON with reply button index |
| `reply-xhs-comment.js` | 小红书 | Reply to a specific comment by index |

Usage pattern:
```bash
# Copy examples to workspace
cp scripts/examples/*.js scripts/browser/
cp scripts/utils/human-like.js scripts/browser/utils/

# Run
./scripts/browser-lock.sh run scripts/browser/publish-deviantart.js image.png "Title" "Description" "tag1,tag2"
./scripts/browser-lock.sh run scripts/browser/read-xhs-comments.js --limit 10
./scripts/browser-lock.sh run scripts/browser/reply-xhs-comment.js 0 "回复文字"
```

All example scripts already use `human-like.js` for anti-detection.

## Cron Integration

```bash
cd /path/to/workspace && ./scripts/browser-lock.sh run scripts/browser/task.js
```

Add `jitterWait()` at script start to randomize execution time.

## Troubleshooting

| Problem | Fix |
|---------|-----|
| Lock held by PID xxx | `./scripts/browser-lock.sh release` |
| CDP connection timeout | Ensure `acquire` was called / Chrome is running |
| Login expired | Use browser tool to re-login, then run script |
| Selector not found | Re-explore with browser tool, update script |
| Script timeout | Increase with `--timeout` flag |

## Environment Variables

| Var | Default | Description |
|-----|---------|-------------|
| `CDP_PORT` | auto-discover | Override CDP port |
| `CHROME_BIN` | auto-detect | Chrome binary path |
| `HEADLESS` | auto | `true`/`false` to force headless |

don't have the plugin yet? install it then click "run inline in claude" again.

added explicit inputs (CDP port discovery, lock file, env vars), broke procedure into 5 numbered steps with detailed sub-steps, extracted decision logic for CDP failure/lock stale/login expiry/selector missing/timeout/file upload/bot detection, defined output contract with JSON schema examples, and clarified outcome signals for success and failure paths.

Browser Automation Ultra

Item: Browser Automation Ultra
Rating: 7.3
Author: Implexa

intent

Convert expensive browser-tool interactions into zero-token Playwright scripts that reuse OpenClaw's Chrome session (cookies/login intact). Use this skill when automating any browser-based workflow (publish, login, scrape, fill forms), reducing token cost by converting explorations into replayable scripts, avoiding CDP port conflicts between OpenClaw browser and Playwright, or needing anti-detection/human-like mouse/keyboard behavior for platforms with bot detection. Skip this if you need simple URL fetches (use web_fetch instead) or tasks that don't require a real browser session.

inputs

Required installations (one-time per machine):

Playwright: npm install -g playwright or npm install playwright in workspace
Chrome: no manual download needed; scripts connect to OpenClaw's existing Chrome via CDP

Required workspace files:

scripts/browser-lock.sh (mutex manager for CDP access)
scripts/utils/human-like.js (anti-detection library)
scripts/browser/ directory for your automation scripts

External connections:

OpenClaw Chrome instance running with remote debugging enabled (default CDP port 18800 or auto-discovered)
Chrome user-data directory at ~/.openclaw/browser/openclaw/user-data (shared cookies/login state)

Environment variables (optional):

CDP_PORT: override auto-discovered CDP port (default: auto-discover from ps aux)
CHROME_BIN: override Chrome binary path (default: auto-detect)
HEADLESS: force headless mode true/false (default: auto)

Lock file:

/tmp/openclaw-browser.lock manages mutex; auto-recovers from stale locks

procedure

Setup (first time):
- Copy scripts/browser-lock.sh to your workspace scripts/ directory
- Copy scripts/utils/human-like.js to your workspace scripts/browser/utils/
- Run chmod +x scripts/browser-lock.sh
- Create scripts/browser/ directory for automation scripts
Explore phase (using browser tool, costs tokens):
- Use OpenClaw browser tool with snapshot/act to understand the workflow
- Note all CSS selectors, page flow, required waits, and login state
- Document any dynamic elements, iframe boundaries, or redirect chains
Record phase (write Playwright script):
- Create a new file at scripts/browser/<verb>-<target>.js (e.g. publish-deviantart.js, read-inbox.js)
- Import Playwright chromium and human-like functions: const { chromium } = require('playwright'); const { humanDelay, humanClick, humanType, humanThink, humanBrowse } = require('./utils/human-like');
- Discover CDP URL by parsing ps aux output for remote-debugging-port or fallback to http://127.0.0.1:18800
- Connect to existing Chrome via CDP: const browser = await chromium.connectOverCDP(cdpUrl);
- Reuse existing context (preserves cookies/login): const context = browser.contexts()[0];
- Create new page in that context: const page = await context.newPage();
- Write automation steps using human-like functions (see human-like.js API below)
- Always call await page.close(); in finally block (never browser.close() which kills entire Chrome)
- Exit process with code 0 on success, code 1 on error
Replay phase (zero tokens):
- Run script with lock manager: ./scripts/browser-lock.sh run scripts/browser/my-task.js [args]
- Pass optional --timeout flag to override default 300 seconds: ./scripts/browser-lock.sh run --timeout 120 scripts/browser/my-task.js
- Lock manager acquires mutex, runs script, releases mutex automatically
- Check exit code: 0 = success, 1 = failure
Fix phase (on error):
- Read script error output and stack trace
- Use browser tool snapshot to check current UI state of failing step
- Update script selectors, logic, or waits based on actual page state
- Retry with ./scripts/browser-lock.sh run
- Do not guess fixes; always re-explore the actual page first

decision points

If CDP connection fails:

Auto-discover from ps aux output for remote-debugging-port
Fallback to default port 18800
If still fails, check CDP_PORT env var or ensure OpenClaw browser is running
If OpenClaw browser is running and locking port, acquire lock first: ./scripts/browser-lock.sh acquire

If lock is held by stale PID:

Check /tmp/openclaw-browser.lock to see which process owns it
Run ./scripts/browser-lock.sh release to force release
Lock auto-recovers if PID no longer exists

If login expires during script run:

Script will fail at selector not found or auth check
Re-login via browser tool snapshot
Run script again to reuse refreshed cookies from context

If selector is not found:

Do not add retry loops; re-explore with browser tool first
Check if page structure changed (popup overlay, dynamic class names, iframe boundary)
Update script with correct selector
Do not proceed without re-exploring actual page state

If script exceeds timeout:

Default is 300 seconds (5 minutes)
Pass --timeout flag for longer tasks: --timeout 600 for 10 minutes
If script consistently times out, add humanBrowse() or humanDelay() calls to identify slow page loads

If file upload is needed:

setInputFiles() is allowed (no human simulation possible for native file picker)
Add random delays before/after file upload with humanDelay()
Do not use for form inputs unless native file input

If platform has aggressive bot detection:

Mandatory use of human-like.js functions for all interactions
Use humanBrowse(page) after page load to simulate reading
Use humanClick() instead of direct click for all buttons/links
Use humanType() for all text input (includes 3% typo simulation)
Use humanDelay(min, max) instead of fixed waitForTimeout()
Never use native DOM setters (nativeSetter.call())

output contract

Script execution success:

Exit code 0
Optional: stdout JSON output (e.g. console.log(JSON.stringify(results)))
Optional: file output to workspace directory (e.g. fs.writeFileSync('output.json', JSON.stringify(data)))

Example output format for read/scrape tasks:

{
  "status": "success",
  "items": [
    { "selector_index": 0, "text": "item title", "href": "https://..." }
  ],
  "count": 5,
  "timestamp": "2025-01-15T12:34:56Z"
}

Example output format for publish/action tasks:

{
  "status": "success",
  "url": "https://platform.com/published/item-id",
  "timestamp": "2025-01-15T12:34:56Z"
}

Failure contract:

Exit code 1
stderr: human-readable error message
Example: ❌ Selector 'button.submit' not found after 30s timeout

outcome signal

Script runs via ./scripts/browser-lock.sh run and completes with exit code 0
Expected output appears in stdout (JSON, text file, console log)
No errors in stderr
If reading/scraping, JSON output matches expected schema
If publishing/action, platform URL or confirmation ID returned
Lock is released and Chrome remains running (context still valid for next script)
Cookies and login state persist across runs (context reuse working)

Browser Automation Ultra

related skills

Browser Automation Ultra

intent

inputs

procedure

decision points

output contract

outcome signal