
Browser Secure

Secure browser automation with Chrome profile support, vault integration, approval gates, and comprehensive audit logging. Use for authenticated sites, sensitive operations, or compliance requirements.

Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform: OpenClaw
Install method: Manual import
Extraction: Extract archive
Prerequisites: OpenClaw
Primary doc: SKILL.md

Package facts

Download mode: Yavira redirect
Package format: ZIP package
Source platform: Tencent SkillHub
What's included: setup.json, README.md, package-lock.json, package.json, SKILL.md, tsconfig.json

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run.

Trust & source

Release facts

Source: Tencent SkillHub
Verification: Indexed source record
Version: 1.0.1

Documentation


Browser Secure

Secure browser automation with vault-backed credentials, approval gates, and audit trails.

Philosophy

"Never trust, always verify, encrypt everything, audit all actions"

Quick Start

    # Open the welcome page (default when no URL provided)
    browser-secure navigate

    # Navigate to a public site
    browser-secure navigate https://example.com

    # Navigate with auto-vault credential discovery
    browser-secure navigate https://app.neilpatel.com/ --auto-vault

    # Navigate to an authenticated site (pre-configured)
    browser-secure navigate https://nytimes.com --site=nytimes

    # Perform actions (fully automated)
    browser-secure act "click the login button"
    browser-secure extract "get the article headlines"

    # Use interactive mode (with approval prompts)
    browser-secure navigate https://bank.com --interactive

    # Close and cleanup
    browser-secure close

Auto-Vault Credential Discovery

The --auto-vault flag enables interactive credential discovery from your password manager:

    browser-secure navigate https://app.neilpatel.com/ --auto-vault

This will:

  1. Extract the domain from the URL (app.neilpatel.com → neilpatel)
  2. Search Bitwarden first (free, default), then 1Password if available
  3. Present matching items interactively:

    🔍 Auto-discovering credentials for app.neilpatel.com...

    📋 Found 2 matching credential(s) in Bitwarden:

      1) Neil Patel Account
         Username: user@example.com
      2) Ubersuggest API Key
      n) None of these - try another vault
      m) Manually enter credentials

    Select credential to use (1-2, n, or m): 1
    🔐 Retrieving credentials for neilpatel...
    Save this credential mapping for future use? (y/n): y
    ✅ Saved credential mapping for "neilpatel" to ~/.browser-secure/config.yaml
       Default vault provider set to: Bitwarden

After saving, you can use the simpler command next time:

    browser-secure navigate https://app.neilpatel.com/ --site=neilpatel

Profile Management

Create isolated Chrome profiles for secure automation with automatic welcome page setup:

    # Create a new profile with welcome page
    browser-secure profile --create "Funny Name"

    # Create and immediately launch Chrome
    browser-secure profile --create "The Crustacean Station 🦞" --launch

    # List all Chrome profiles
    browser-secure profile --list

What the Welcome Page Includes

When you create a new profile, it opens with a custom welcome page that guides you through:

  • 📖 Why This Profile Exists - Explains the isolated automation concept
  • 🔌 Required Extensions - Direct links to install the Bitwarden password manager and OpenClaw Browser Relay
  • 🗝️ Vault Setup - Step-by-step for Bitwarden or 1Password
  • ✅ Setup Checklist - Interactive checklist to track progress
  • 🛡️ Security Info - "Your vault is secure" messaging with key features

Why Separate Profiles?

| Aspect | Personal Profile | Automation Profile |
| --- | --- | --- |
| Extensions | Your personal ones | Only automation extensions |
| Cookies | Personal logins | Isolated session state |
| Security | Shared with daily browsing | Locked down, audited |
| Cleanup | Manual | Automatic session timeout |

Chrome Profile Support

Browser Secure can use your existing Chrome profiles, giving you access to saved cookies, session state, and existing website logins.

List Available Profiles

    browser-secure navigate https://example.com --list-profiles

Output:

    📋 Available Chrome profiles:

      1. Person 1 ★
         ID: Default
         Path: /Users/river/Library/Application Support/Google/Chrome/Default

      2. Work
         ID: Profile 1
         Path: /Users/river/Library/Application Support/Google/Chrome/Profile 1

Use a Specific Profile

    # By profile ID
    browser-secure navigate https://gmail.com --profile "Default"
    browser-secure navigate https://gmail.com --profile "Profile 1"

    # Interactively select
    browser-secure navigate https://gmail.com --profile select

Profile vs Incognito Mode

| Mode | Cookies | Logins | Extensions | Use Case |
| --- | --- | --- | --- | --- |
| Incognito (default) | ❌ None | ❌ None | ❌ None | Secure, isolated testing |
| Chrome Profile | ✅ Yes | ✅ Yes | ✅ Yes | Access existing sessions |

Security Note: Browser Secure creates isolated profiles for automation without modifying your existing Chrome profiles. When using --profile, it reads from (but does not write to) existing profiles.

Option 1: Install via Clawdbot (Recommended)

The easiest way is to ask Clawdbot:

    Hey Clawdbot, install browser-secure for me

Clawdbot will handle everything: check prerequisites, auto-install dependencies, build, and configure.

Option 2: Install from GitHub

    # Clone and install
    curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw/main/scripts/install-browser-secure.sh | bash

Option 3: Manual Setup (Advanced)

If you prefer full control or are developing on the tool:

    # Clone the repository
    git clone https://github.com/openclaw/openclaw.git
    cd openclaw/skills/browser-secure

    # Run interactive setup
    npm run setup

This will:

  • ✅ Check prerequisites (Node.js 18+, Chrome)
  • 📦 Auto-install missing dependencies (Playwright browsers, optional vault CLIs)
  • 🔨 Build and link the CLI globally
  • 📝 Create default configuration

What Gets Auto-Installed

The setup automatically handles:

  • Playwright Chromium - Required browser binary (~50MB)
  • Bitwarden CLI - If brew is available (recommended vault)
  • 1Password CLI - If brew is available (optional)

Configure Vault (Optional)

After setup, configure your preferred vault using environment variables (recommended) or direct CLI login:

Option A: .env File (Convenience for Automation)

⚠️ Security Note: .env files store credentials in plaintext. Only use this on trusted, private machines. Vault integration (Bitwarden/1Password) is the recommended secure approach.

    cd ~/.openclaw/workspace/skills/browser-secure
    cp .env.example .env
    # Edit .env with your credentials

Full Automation (API Key + Password):

    # .env - For fully automated vault access
    BW_CLIENTID=user.xxx-xxx
    BW_CLIENTSECRET=your-secret-here
    BW_PASSWORD=your-master-password

How it works:

  • BW_CLIENTID/BW_CLIENTSECRET → Authenticates with Bitwarden (replaces username/password)
  • BW_PASSWORD → Decrypts your vault (required for automated access)

Alternative: Session Token

    # If you prefer not to store your master password:
    export BW_SESSION=$(bw unlock --raw)
    # Then add to .env:
    # BW_SESSION=xxx...

Option B: Direct CLI Login

    # Bitwarden (recommended - free)
    brew install bitwarden-cli  # if not auto-installed
    bw login
    export BW_SESSION=$(bw unlock --raw)

    # 1Password (if you have a subscription)
    brew install 1password-cli  # if not auto-installed
    op signin

    # Test vault access
    browser-secure vault --list

Verify Installation

    browser-secure --version
    browser-secure navigate https://example.com
    browser-secure screenshot
    browser-secure close

Bitwarden (Default, Free) ⭐

Recommended: free for personal use, open source, cross-platform.

    # Install
    brew install bitwarden-cli

    # Setup .env file
    cd ~/.openclaw/workspace/skills/browser-secure
    cp .env.example .env
    # Edit .env and add:
    # BW_CLIENTID=your-api-key-id
    # BW_CLIENTSECRET=your-api-key-secret
    # BW_PASSWORD=your-master-password

    # Use - credentials auto-loaded from .env
    browser-secure navigate https://app.neilpatel.com/ --auto-vault

Authentication vs Unlock:

  • API Key (BW_CLIENTID/BW_CLIENTSECRET) → Logs you into Bitwarden
  • Master Password (BW_PASSWORD) → Decrypts your vault contents
  • Both are needed for fully automated workflows

Get API Key: https://vault.bitwarden.com/#/settings/security/keys

1Password (Paid)

Alternative: if you already have a 1Password subscription.

    # Install
    brew install 1password-cli

    # Login
    op signin
    eval $(op signin)

    # Use
    browser-secure navigate https://app.neilpatel.com/ --auto-vault

macOS Keychain (Local)

Fallback: store credentials in macOS Keychain (no cloud sync).

Environment Variables

Emergency fallback: set credentials via env vars:

    export BROWSER_SECURE_NEILPATEL_USERNAME="user@example.com"
    export BROWSER_SECURE_NEILPATEL_PASSWORD="secret"
    browser-secure navigate https://app.neilpatel.com/

Commands

| Command | Description |
| --- | --- |
| navigate | Open welcome page (default when no URL provided) |
| navigate <url> | Navigate to a URL |
| navigate <url> --profile <id> | Use specific Chrome profile |
| navigate <url> --profile select | Interactively choose Chrome profile |
| navigate <url> --list-profiles | List available Chrome profiles |
| navigate <url> --auto-vault | Auto-discover credentials (Bitwarden → 1Password → manual) |
| navigate <url> --site=<name> | Use pre-configured site credentials |
| profile --create <name> | Create new Chrome profile with welcome page |
| profile --create <name> --launch | Create profile and launch Chrome |
| profile --list | List all Chrome profiles |
| act "<instruction>" | Natural language action |
| extract "<instruction>" | Extract data from page |
| screenshot | Take screenshot |
| close | Close browser and cleanup |
| status | Show session status |
| audit | View audit logs |

Welcome Page (Default)

When you run browser-secure navigate without a URL, it opens the welcome page located at:

    ~/.openclaw/workspace/skills/browser-secure/assets/welcome.html

The welcome page provides:

  • 📖 Onboarding guide - Why browser-secure exists and how it works
  • 🔌 Extension links - Direct install for Bitwarden and OpenClaw Browser Relay
  • 🗝️ Vault setup - Step-by-step for Bitwarden or 1Password
  • ✅ Setup checklist - Interactive checklist to track progress
  • 🛡️ Security info - "Your vault is secure" messaging with key features

Pro tip: Use the welcome page as your starting point for new profiles:

    # Create a profile, then immediately open welcome page
    browser-secure profile --create "Work Automation" --launch

    # Then in another terminal:
    browser-secure navigate  # Opens welcome page in the active session

Approval Modes (Hybrid Design)

browser-secure operates in unattended mode by default, making it ideal for agent automation while preserving safety guardrails.

Default Mode: Unattended (Automation-First)

    # All commands run unattended by default - no interactive prompts
    browser-secure navigate https://example.com
    browser-secure act "fill the search form"
    browser-secure extract "get all links"

In this mode:

  • ✅ All non-destructive actions execute immediately
  • ✅ Credentials auto-injected from vault
  • ✅ Audit trail written automatically
  • ⚠️ Destructive actions (delete, purchase) require --skip-approval or --interactive

Interactive Mode (Human-in-the-Loop)

For sensitive operations, use --interactive to enable approval prompts:

    # Enable tiered approval gates
    browser-secure navigate https://bank.com --interactive

    # Approve individual actions
    # (single quotes stop the shell from expanding $1 inside "$1000")
    browser-secure act 'transfer $1000' --interactive

Approval tiers in interactive mode:

| Tier | Actions | Approval |
| --- | --- | --- |
| Read-only | navigate, screenshot, extract | None |
| Form fill | type, select, click | Prompt |
| Authentication | fill_password, submit_login | Always |
| Destructive | delete, purchase | 2FA required |

Force Override (Emergency)

    # Skip ALL approvals including destructive (DANGEROUS)
    browser-secure act "delete account" --skip-approval

⚠️ Warning: --skip-approval bypasses all safety checks. Use only in fully automated, sandboxed environments.

Session Security

  • Time-bounded (30 min default, auto-expiry)
  • Isolated work directories (UUID-based)
  • Incognito mode (no persistent profile), the default
  • Chrome profile support (your cookies, logins, extensions), opt-in via --profile
  • Secure cleanup (overwrite + delete)
  • Network restrictions (block localhost/private IPs)
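
One way to implement the localhost/private-IP restriction listed above, as an added example that is not browser-secure's own code; the function names and the set of blocked ranges are assumptions. It goes beyond the bullet by also covering IPv6 and the alternate IPv4 spellings (hex, decimal, short form) that the URL parser canonicalises.

```javascript
// Added example; function names are hypothetical, not browser-secure's code.
// Classify a navigation target AFTER WHATWG URL parsing, which canonicalises
// hex, decimal and short IPv4 spellings to dotted-quad form.
const BLOCKED_V4 = [ // [network, prefix length]
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function v4ToInt(ip) {
  const p = ip.split('.').map(Number);
  return ((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]) >>> 0;
}

function isBlockedV4(ip) {
  const addr = v4ToInt(ip);
  return BLOCKED_V4.some(([net, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((addr & mask) >>> 0) === v4ToInt(net);
  });
}

function isBlockedV6(host) { // canonical form, brackets already removed
  if (host === '::1' || host === '::') return true; // loopback, unspecified
  const mapped = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (mapped) { // IPv4-mapped IPv6: re-check the embedded IPv4 address
    const hi = parseInt(mapped[1], 16);
    const lo = parseInt(mapped[2], 16);
    return isBlockedV4([hi >> 8, hi & 255, lo >> 8, lo & 255].join('.'));
  }
  const first = parseInt(host.split(':')[0] || '0', 16);
  // fc00::/7 unique-local, fe80::/10 link-local
  return (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80;
}

function isBlockedTarget(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch { return true; } // unparseable: refuse
  // Assumption: only http(s) navigation is allowed at all.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return true;
  const host = url.hostname.toLowerCase().replace(/\.$/, '');
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host.startsWith('[')) return isBlockedV6(host.slice(1, -1));
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host)) return isBlockedV4(host);
  return false; // DNS name: the resolved address needs the same check
}
```

A hostname that passes this check can still resolve to an internal address, so the same range test has to be applied to the address the browser actually connects to.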

Audit Trail

    {
      "event": "BROWSER_SECURE_SESSION",
      "sessionId": "bs-20260211054500-abc123",
      "site": "nytimes.com",
      "actions": [...],
      "chainHash": "sha256:..."
    }
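
How a chainHash field like the one above can make an audit log tamper-evident, as an added example that is not browser-secure's own code. The page does not say how chainHash is computed; the construction used here (SHA-256 over the previous record's hash plus this record's canonical JSON), the genesis value, the sample records and all function names are assumptions.

```javascript
// Added example. ASSUMPTION: each chainHash covers the previous record's
// chainHash plus this record's canonical JSON; the page does not define it.
const { createHash } = require('node:crypto');

const GENESIS = 'sha256:' + '0'.repeat(64); // assumed anchor before record 0

// Stable serialisation: sorted keys, so equal records always hash equally.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k]));
    return '{' + fields.join(',') + '}';
  }
  return JSON.stringify(value);
}

function computeChainHash(prevHash, record) {
  const { chainHash, ...body } = record; // hash everything except the hash field
  const digest = createHash('sha256')
    .update(prevHash + '\n' + canonical(body)).digest('hex');
  return 'sha256:' + digest;
}

function appendRecord(log, body) {
  const prev = log.length ? log[log.length - 1].chainHash : GENESIS;
  log.push({ ...body, chainHash: computeChainHash(prev, body) });
  return log;
}

// Returns -1 when every link verifies, else the index of the first bad record.
function firstBrokenIndex(log) {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    if (log[i].chainHash !== computeChainHash(prev, log[i])) return i;
    prev = log[i].chainHash;
  }
  return -1;
}

// Constructed sample records using the field names shown above.
function sampleLog() {
  const base = { event: 'BROWSER_SECURE_SESSION', site: 'example.com' };
  const log = [];
  appendRecord(log, { ...base, sessionId: 'bs-sample-1', actions: ['navigate'] });
  appendRecord(log, { ...base, sessionId: 'bs-sample-2', actions: ['navigate', 'extract'] });
  appendRecord(log, { ...base, sessionId: 'bs-sample-3', actions: ['screenshot'] });
  return log;
}
```

Edits and deletions in the middle of the log break the chain, but dropping records from the end does not; detecting that requires keeping the latest chainHash somewhere the log writer cannot modify.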

Environment Variables

| Variable | Purpose |
| --- | --- |
| BROWSER_SECURE_CONFIG | Config file path |
| BW_CLIENTID | Bitwarden API key ID (for automation) |
| BW_CLIENTSECRET | Bitwarden API key secret (for automation) |
| BW_PASSWORD | Bitwarden master password (alternative) |
| BW_SESSION | Bitwarden session token (legacy) |
| OP_SERVICE_ACCOUNT_TOKEN | 1Password service account |
| BROWSER_SECURE_{SITE}_PASSWORD | Env-based credentials |

Comparison with browser-automation

| Feature | browser-automation | browser-secure |
| --- | --- | --- |
| Credentials | CLI (exposed) | Vault-backed |
| Chrome Profiles | ❌ No | ✅ Yes (with cookies/logins) |
| Approval | None | Tiered gates |
| Audit | None | Full trail |
| Session timeout | None | 30 min default |
| Network | Unrestricted | Allow-list |
| Best for | Quick tasks | Sensitive/authenticated |

Troubleshooting

  • Chrome keychain prompt on first run: This is normal! When Playwright launches Chrome for the first time, macOS asks if Chrome can access your keychain. You can click "Deny" since browser-secure manages credentials through your vault, not Chrome's built-in storage.
  • Vault not found: Install the CLI for your preferred vault:
      Bitwarden: brew install bitwarden-cli
      1Password: brew install 1password-cli
  • Bitwarden "Vault is locked":
      If using .env file: Check that BW_CLIENTID and BW_CLIENTSECRET are set correctly
      Or run: export BW_SESSION=$(bw unlock --raw)
  • Bitwarden API key not working: Ensure your API key has access to the vault items you need. API keys are created at: https://vault.bitwarden.com/#/settings/security/keys
  • Site not configured: Use --auto-vault for interactive setup, or add manually to ~/.browser-secure/config.yaml
  • Session expired: Default 30-minute TTL, restart with --timeout
  • Approval required: Use -y for non-interactive (careful!)
  • Profile not found: Run browser-secure navigate https://example.com --list-profiles to see available profiles
  • Chrome profile in use: Close Chrome before using --profile option (Chrome locks profile when running)

Category context

Code helpers, APIs, CLIs, browser automation, testing, and developer operations.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
4 Config, 2 Docs
  • SKILL.md Primary doc
  • README.md Docs
  • package-lock.json Config
  • package.json Config
  • setup.json Config
  • tsconfig.json Config