{ "schemaVersion": "1.0", "item": { "slug": "browser-secure", "name": "Browser Secure", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/riverho/browser-secure", "canonicalUrl": "https://clawhub.ai/riverho/browser-secure", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/browser-secure", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=browser-secure", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "setup.json", "README.md", "package-lock.json", "package.json", "SKILL.md", "tsconfig.json" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/browser-secure" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/browser-secure", "agentPageUrl": "https://openagent3.xyz/skills/browser-secure/agent", "manifestUrl": "https://openagent3.xyz/skills/browser-secure/agent.json", "briefUrl": "https://openagent3.xyz/skills/browser-secure/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Browser Secure", "body": "Secure browser automation with vault-backed credentials, approval gates, and audit trails." }, { "title": "Philosophy", "body": "\"Never trust, always verify, encrypt everything, audit all actions\"" }, { "title": "Quick Start", "body": "# Open the welcome page (default when no URL provided)\nbrowser-secure navigate\n\n# Navigate to a public site\nbrowser-secure navigate https://example.com\n\n# Navigate with auto-vault credential discovery\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\n# Navigate to an authenticated site (pre-configured)\nbrowser-secure navigate https://nytimes.com --site=nytimes\n\n# Perform actions (fully automated)\nbrowser-secure act \"click the login button\"\nbrowser-secure extract \"get the article headlines\"\n\n# Use interactive mode (with approval prompts)\nbrowser-secure navigate https://bank.com --interactive\n\n# Close and cleanup\nbrowser-secure close" }, { "title": "Auto-Vault Credential Discovery", "body": "The --auto-vault flag enables interactive credential discovery from your password manager:\n\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\nThis will:\n\nExtract the domain from the URL (app.neilpatel.com → neilpatel)\nSearch Bitwarden first (free, default), then 1Password if available\nPresent matching items interactively:\n\n🔍 Auto-discovering credentials for app.neilpatel.com...\n\n📋 Found 2 matching credential(s) in Bitwarden:\n\n 1) Neil Patel Account\n Username: user@example.com\n 2) Ubersuggest API Key\n\n n) None of these - try another vault\n m) Manually enter credentials\n\nSelect credential to use (1-2, n, or m): 1\n🔐 Retrieving credentials for neilpatel...\n\nSave this credential mapping for future use? (y/n): y\n✅ Saved credential mapping for \"neilpatel\" to ~/.browser-secure/config.yaml\n Default vault provider set to: Bitwarden\n\nAfter saving, you can use the simpler command next time:\n\nbrowser-secure navigate https://app.neilpatel.com/ --site=neilpatel" }, { "title": "Profile Management", "body": "Create isolated Chrome profiles for secure automation with automatic welcome page setup:\n\n# Create a new profile with welcome page\nbrowser-secure profile --create \"Funny Name\"\n\n# Create and immediately launch Chrome\nbrowser-secure profile --create \"The Crustacean Station 🦞\" --launch\n\n# List all Chrome profiles\nbrowser-secure profile --list" }, { "title": "What the Welcome Page Includes", "body": "When you create a new profile, it opens with a custom welcome page that guides you through:\n\n📖 Why This Profile Exists - Explains the isolated automation concept\n🔌 Required Extensions - Direct links to install:\n\nBitwarden password manager\nOpenClaw Browser Relay\n\n\n🗝️ Vault Setup - Step-by-step for Bitwarden or 1Password\n✅ Setup Checklist - Interactive checklist to track progress\n🛡️ Security Info - \"Your vault is secure\" messaging with key features" }, { "title": "Why Separate Profiles?", "body": "AspectPersonal ProfileAutomation ProfileExtensionsYour personal onesOnly automation extensionsCookiesPersonal loginsIsolated session stateSecurityShared with daily browsingLocked down, auditedCleanupManualAutomatic session timeout" }, { "title": "Chrome Profile Support", "body": "Browser Secure can use your existing Chrome profiles, giving you access to saved cookies, session state, and existing website logins." }, { "title": "List Available Profiles", "body": "browser-secure navigate https://example.com --list-profiles\n\nOutput:\n\n📋 Available Chrome profiles:\n\n 1. Person 1 ★\n ID: Default\n Path: /Users/river/Library/Application Support/Google/Chrome/Default\n\n 2. Work\n ID: Profile 1\n Path: /Users/river/Library/Application Support/Google/Chrome/Profile 1" }, { "title": "Use a Specific Profile", "body": "# By profile ID\nbrowser-secure navigate https://gmail.com --profile \"Default\"\nbrowser-secure navigate https://gmail.com --profile \"Profile 1\"\n\n# Interactively select\nbrowser-secure navigate https://gmail.com --profile select" }, { "title": "Profile vs Incognito Mode", "body": "ModeCookiesLoginsExtensionsUse CaseIncognito (default)❌ None❌ None❌ NoneSecure, isolated testingChrome Profile✅ Yes✅ Yes✅ YesAccess existing sessions\n\nSecurity Note: Browser Secure creates isolated profiles for automation without modifying your existing Chrome profiles. When using --profile, it reads from (but does not write to) existing profiles." }, { "title": "Option 1: Install via Clawdbot (Recommended)", "body": "The easiest way—just ask Clawdbot:\n\nHey Clawdbot, install browser-secure for me\n\nClawdbot will handle everything: check prerequisites, auto-install dependencies, build, and configure." }, { "title": "Option 2: Install from GitHub", "body": "# Clone and install\ncurl -fsSL https://raw.githubusercontent.com/openclaw/openclaw/main/scripts/install-browser-secure.sh | bash" }, { "title": "Option 3: Manual Setup (Advanced)", "body": "If you prefer full control or are developing on the tool:\n\n# Clone the repository\ngit clone https://github.com/openclaw/openclaw.git\ncd openclaw/skills/browser-secure\n\n# Run interactive setup\nnpm run setup\n\nThis will:\n\n✅ Check prerequisites (Node.js 18+, Chrome)\n📦 Auto-install missing dependencies (Playwright browsers, optional vault CLIs)\n🔨 Build and link the CLI globally\n📝 Create default configuration" }, { "title": "What Gets Auto-Installed", "body": "The setup automatically handles:\n\nPlaywright Chromium - Required browser binary (~50MB)\nBitwarden CLI - If brew is available (recommended vault)\n1Password CLI - If brew is available (optional)" }, { "title": "Configure Vault (Optional)", "body": "After setup, configure your preferred vault using environment variables (recommended) or direct CLI login:\n\nOption A: .env File (Convenience for Automation)\n\n⚠️ Security Note: .env files store credentials in plaintext. Only use this on trusted, private machines. Vault integration (Bitwarden/1Password) is the recommended secure approach.\n\ncd ~/.openclaw/workspace/skills/browser-secure\ncp .env.example .env\n# Edit .env with your credentials\n\nFull Automation (API Key + Password):\n\n# .env - For fully automated vault access\nBW_CLIENTID=user.xxx-xxx\nBW_CLIENTSECRET=your-secret-here\nBW_PASSWORD=your-master-password\n\nHow it works:\n\nBW_CLIENTID/BW_CLIENTSECRET → Authenticates with Bitwarden (replaces username/password)\nBW_PASSWORD → Decrypts your vault (required for automated access)\n\nAlternative: Session Token\n\n# If you prefer not to store your master password:\nexport BW_SESSION=$(bw unlock --raw)\n# Then add to .env:\n# BW_SESSION=xxx...\n\nOption B: Direct CLI Login\n\n# Bitwarden (recommended - free)\nbrew install bitwarden-cli # if not auto-installed\nbw login\nexport BW_SESSION=$(bw unlock --raw)\n\n# 1Password (if you have a subscription)\nbrew install 1password-cli # if not auto-installed\nop signin\n\n# Test vault access\nbrowser-secure vault --list" }, { "title": "Verify Installation", "body": "browser-secure --version\nbrowser-secure navigate https://example.com\nbrowser-secure screenshot\nbrowser-secure close" }, { "title": "Bitwarden (Default, Free) ⭐", "body": "Recommended — free for personal use, open source, cross-platform.\n\n# Install\nbrew install bitwarden-cli\n\n# Setup .env file\ncd ~/.openclaw/workspace/skills/browser-secure\ncp .env.example .env\n# Edit .env and add:\n# BW_CLIENTID=your-api-key-id\n# BW_CLIENTSECRET=your-api-key-secret \n# BW_PASSWORD=your-master-password\n\n# Use - credentials auto-loaded from .env\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\nAuthentication vs Unlock:\n\nAPI Key (BW_CLIENTID/BW_CLIENTSECRET) → Logs you into Bitwarden\nMaster Password (BW_PASSWORD) → Decrypts your vault contents\nBoth are needed for fully automated workflows\n\nGet API Key: https://vault.bitwarden.com/#/settings/security/keys" }, { "title": "1Password (Paid)", "body": "Alternative — if you already have a 1Password subscription.\n\n# Install\nbrew install 1password-cli\n\n# Login\nop signin\neval $(op signin)\n\n# Use\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault" }, { "title": "macOS Keychain (Local)", "body": "Fallback — store credentials in macOS Keychain (no cloud sync)." }, { "title": "Environment Variables", "body": "Emergency fallback — set credentials via env vars:\n\nexport BROWSER_SECURE_NEILPATEL_USERNAME=\"user@example.com\"\nexport BROWSER_SECURE_NEILPATEL_PASSWORD=\"secret\"\nbrowser-secure navigate https://app.neilpatel.com/" }, { "title": "Commands", "body": "CommandDescriptionnavigateOpen welcome page (default when no URL provided)navigate Navigate to a URLnavigate --profile Use specific Chrome profilenavigate --profile selectInteractively choose Chrome profilenavigate --list-profilesList available Chrome profilesnavigate --auto-vaultAuto-discover credentials (Bitwarden → 1Password → manual)navigate --site=Use pre-configured site credentialsprofile --create Create new Chrome profile with welcome pageprofile --create --launchCreate profile and launch Chromeprofile --listList all Chrome profilesact \"\"Natural language actionextract \"\"Extract data from pagescreenshotTake screenshotcloseClose browser and cleanupstatusShow session statusauditView audit logs" }, { "title": "Welcome Page (Default)", "body": "When you run browser-secure navigate without a URL, it opens the welcome page located at:\n\n~/.openclaw/workspace/skills/browser-secure/assets/welcome.html\n\nThe welcome page provides:\n\n📖 Onboarding guide — Why browser-secure exists and how it works\n🔌 Extension links — Direct install for Bitwarden and OpenClaw Browser Relay\n🗝️ Vault setup — Step-by-step for Bitwarden or 1Password\n✅ Setup checklist — Interactive checklist to track progress\n🛡️ Security info — \"Your vault is secure\" messaging with key features\n\nPro tip: Use the welcome page as your starting point for new profiles:\n\n# Create a profile, then immediately open welcome page\nbrowser-secure profile --create \"Work Automation\" --launch\n# Then in another terminal:\nbrowser-secure navigate # Opens welcome page in the active session" }, { "title": "Approval Modes (Hybrid Design)", "body": "browser-secure operates in unattended mode by default, making it ideal for agent automation while preserving safety guardrails." }, { "title": "Default Mode: Unattended (Automation-First)", "body": "# All commands run unattended by default - no interactive prompts\nbrowser-secure navigate https://example.com\nbrowser-secure act \"fill the search form\"\nbrowser-secure extract \"get all links\"\n\nIn this mode:\n\n✅ All non-destructive actions execute immediately\n✅ Credentials auto-injected from vault\n✅ Audit trail written automatically\n⚠️ Destructive actions (delete, purchase) require --skip-approval or --interactive" }, { "title": "Interactive Mode (Human-in-the-Loop)", "body": "For sensitive operations, use --interactive to enable approval prompts:\n\n# Enable tiered approval gates\nbrowser-secure navigate https://bank.com --interactive\n\n# Approve individual actions\nbrowser-secure act \"transfer $1000\" --interactive\n\nApproval tiers in interactive mode:\n\nTierActionsApprovalRead-onlynavigate, screenshot, extractNoneForm filltype, select, clickPromptAuthenticationfill_password, submit_loginAlwaysDestructivedelete, purchase2FA required" }, { "title": "Force Override (Emergency)", "body": "# Skip ALL approvals including destructive (DANGEROUS)\nbrowser-secure act \"delete account\" --skip-approval\n\n⚠️ Warning: --skip-approval bypasses all safety checks. Use only in fully automated, sandboxed environments." }, { "title": "Session Security", "body": "Time-bounded (30 min default, auto-expiry)\nIsolated work directories (UUID-based)\nIncognito mode (no persistent profile) — default\nChrome profile support (your cookies, logins, extensions) — opt-in via --profile\nSecure cleanup (overwrite + delete)\nNetwork restrictions (block localhost/private IPs)" }, { "title": "Audit Trail", "body": "{\n \"event\": \"BROWSER_SECURE_SESSION\",\n \"sessionId\": \"bs-20260211054500-abc123\",\n \"site\": \"nytimes.com\",\n \"actions\": [...],\n \"chainHash\": \"sha256:...\"\n}" }, { "title": "Environment Variables", "body": "VariablePurposeBROWSER_SECURE_CONFIGConfig file pathBW_CLIENTIDBitwarden API key ID (for automation)BW_CLIENTSECRETBitwarden API key secret (for automation)BW_PASSWORDBitwarden master password (alternative)BW_SESSIONBitwarden session token (legacy)OP_SERVICE_ACCOUNT_TOKEN1Password service accountBROWSER_SECURE_{SITE}_PASSWORDEnv-based credentials" }, { "title": "Comparison with browser-automation", "body": "Featurebrowser-automationbrowser-secureCredentialsCLI (exposed)Vault-backedChrome Profiles❌ No✅ Yes (with cookies/logins)ApprovalNoneTiered gatesAuditNoneFull trailSession timeoutNone30 min defaultNetworkUnrestrictedAllow-listBest forQuick tasksSensitive/authenticated" }, { "title": "Troubleshooting", "body": "Chrome keychain prompt on first run: This is normal! When Playwright launches Chrome for the first time, macOS asks if Chrome can access your keychain. You can click \"Deny\" since browser-secure manages credentials through your vault, not Chrome's built-in storage.\n\nVault not found: Install the CLI for your preferred vault:\n\nBitwarden: brew install bitwarden-cli\n1Password: brew install 1password-cli\n\nBitwarden \"Vault is locked\":\n\nIf using .env file: Check that BW_CLIENTID and BW_CLIENTSECRET are set correctly\nOr run: export BW_SESSION=$(bw unlock --raw)\n\nBitwarden API key not working: Ensure your API key has access to the vault items you need. API keys are created at: https://vault.bitwarden.com/#/settings/security/keys\n\nSite not configured: Use --auto-vault for interactive setup, or add manually to ~/.browser-secure/config.yaml\n\nSession expired: Default 30-minute TTL, restart with --timeout\n\nApproval required: Use -y for non-interactive (careful!)\n\nProfile not found: Run browser-secure navigate https://example.com --list-profiles to see available profiles\n\nChrome profile in use: Close Chrome before using --profile option (Chrome locks profile when running)" } ], "body": "Browser Secure\n\nSecure browser automation with vault-backed credentials, approval gates, and audit trails.\n\nPhilosophy\n\n\"Never trust, always verify, encrypt everything, audit all actions\"\n\nQuick Start\n# Open the welcome page (default when no URL provided)\nbrowser-secure navigate\n\n# Navigate to a public site\nbrowser-secure navigate https://example.com\n\n# Navigate with auto-vault credential discovery\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\n# Navigate to an authenticated site (pre-configured)\nbrowser-secure navigate https://nytimes.com --site=nytimes\n\n# Perform actions (fully automated)\nbrowser-secure act \"click the login button\"\nbrowser-secure extract \"get the article headlines\"\n\n# Use interactive mode (with approval prompts)\nbrowser-secure navigate https://bank.com --interactive\n\n# Close and cleanup\nbrowser-secure close\n\nAuto-Vault Credential Discovery\n\nThe --auto-vault flag enables interactive credential discovery from your password manager:\n\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\n\nThis will:\n\nExtract the domain from the URL (app.neilpatel.com → neilpatel)\nSearch Bitwarden first (free, default), then 1Password if available\nPresent matching items interactively:\n🔍 Auto-discovering credentials for app.neilpatel.com...\n\n📋 Found 2 matching credential(s) in Bitwarden:\n\n 1) Neil Patel Account\n Username: user@example.com\n 2) Ubersuggest API Key\n\n n) None of these - try another vault\n m) Manually enter credentials\n\nSelect credential to use (1-2, n, or m): 1\n🔐 Retrieving credentials for neilpatel...\n\nSave this credential mapping for future use? (y/n): y\n✅ Saved credential mapping for \"neilpatel\" to ~/.browser-secure/config.yaml\n Default vault provider set to: Bitwarden\n\n\nAfter saving, you can use the simpler command next time:\n\nbrowser-secure navigate https://app.neilpatel.com/ --site=neilpatel\n\nProfile Management\n\nCreate isolated Chrome profiles for secure automation with automatic welcome page setup:\n\n# Create a new profile with welcome page\nbrowser-secure profile --create \"Funny Name\"\n\n# Create and immediately launch Chrome\nbrowser-secure profile --create \"The Crustacean Station 🦞\" --launch\n\n# List all Chrome profiles\nbrowser-secure profile --list\n\nWhat the Welcome Page Includes\n\nWhen you create a new profile, it opens with a custom welcome page that guides you through:\n\n📖 Why This Profile Exists - Explains the isolated automation concept\n🔌 Required Extensions - Direct links to install:\nBitwarden password manager\nOpenClaw Browser Relay\n🗝️ Vault Setup - Step-by-step for Bitwarden or 1Password\n✅ Setup Checklist - Interactive checklist to track progress\n🛡️ Security Info - \"Your vault is secure\" messaging with key features\nWhy Separate Profiles?\nAspect\tPersonal Profile\tAutomation Profile\nExtensions\tYour personal ones\tOnly automation extensions\nCookies\tPersonal logins\tIsolated session state\nSecurity\tShared with daily browsing\tLocked down, audited\nCleanup\tManual\tAutomatic session timeout\nChrome Profile Support\n\nBrowser Secure can use your existing Chrome profiles, giving you access to saved cookies, session state, and existing website logins.\n\nList Available Profiles\nbrowser-secure navigate https://example.com --list-profiles\n\n\nOutput:\n\n📋 Available Chrome profiles:\n\n 1. Person 1 ★\n ID: Default\n Path: /Users/river/Library/Application Support/Google/Chrome/Default\n\n 2. Work\n ID: Profile 1\n Path: /Users/river/Library/Application Support/Google/Chrome/Profile 1\n\nUse a Specific Profile\n# By profile ID\nbrowser-secure navigate https://gmail.com --profile \"Default\"\nbrowser-secure navigate https://gmail.com --profile \"Profile 1\"\n\n# Interactively select\nbrowser-secure navigate https://gmail.com --profile select\n\nProfile vs Incognito Mode\nMode\tCookies\tLogins\tExtensions\tUse Case\nIncognito (default)\t❌ None\t❌ None\t❌ None\tSecure, isolated testing\nChrome Profile\t✅ Yes\t✅ Yes\t✅ Yes\tAccess existing sessions\n\nSecurity Note: Browser Secure creates isolated profiles for automation without modifying your existing Chrome profiles. When using --profile, it reads from (but does not write to) existing profiles.\n\nSetup\nOption 1: Install via Clawdbot (Recommended)\n\nThe easiest way—just ask Clawdbot:\n\nHey Clawdbot, install browser-secure for me\n\n\nClawdbot will handle everything: check prerequisites, auto-install dependencies, build, and configure.\n\nOption 2: Install from GitHub\n# Clone and install\ncurl -fsSL https://raw.githubusercontent.com/openclaw/openclaw/main/scripts/install-browser-secure.sh | bash\n\nOption 3: Manual Setup (Advanced)\n\nIf you prefer full control or are developing on the tool:\n\n# Clone the repository\ngit clone https://github.com/openclaw/openclaw.git\ncd openclaw/skills/browser-secure\n\n# Run interactive setup\nnpm run setup\n\n\nThis will:\n\n✅ Check prerequisites (Node.js 18+, Chrome)\n📦 Auto-install missing dependencies (Playwright browsers, optional vault CLIs)\n🔨 Build and link the CLI globally\n📝 Create default configuration\nWhat Gets Auto-Installed\n\nThe setup automatically handles:\n\nPlaywright Chromium - Required browser binary (~50MB)\nBitwarden CLI - If brew is available (recommended vault)\n1Password CLI - If brew is available (optional)\nConfigure Vault (Optional)\n\nAfter setup, configure your preferred vault using environment variables (recommended) or direct CLI login:\n\nOption A: .env File (Convenience for Automation)\n\n⚠️ Security Note: .env files store credentials in plaintext. Only use this on trusted, private machines. Vault integration (Bitwarden/1Password) is the recommended secure approach.\n\ncd ~/.openclaw/workspace/skills/browser-secure\ncp .env.example .env\n# Edit .env with your credentials\n\n\nFull Automation (API Key + Password):\n\n# .env - For fully automated vault access\nBW_CLIENTID=user.xxx-xxx\nBW_CLIENTSECRET=your-secret-here\nBW_PASSWORD=your-master-password\n\n\nHow it works:\n\nBW_CLIENTID/BW_CLIENTSECRET → Authenticates with Bitwarden (replaces username/password)\nBW_PASSWORD → Decrypts your vault (required for automated access)\n\nAlternative: Session Token\n\n# If you prefer not to store your master password:\nexport BW_SESSION=$(bw unlock --raw)\n# Then add to .env:\n# BW_SESSION=xxx...\n\nOption B: Direct CLI Login\n# Bitwarden (recommended - free)\nbrew install bitwarden-cli # if not auto-installed\nbw login\nexport BW_SESSION=$(bw unlock --raw)\n\n# 1Password (if you have a subscription)\nbrew install 1password-cli # if not auto-installed\nop signin\n\n# Test vault access\nbrowser-secure vault --list\n\nVerify Installation\nbrowser-secure --version\nbrowser-secure navigate https://example.com\nbrowser-secure screenshot\nbrowser-secure close\n\nVault Providers\nBitwarden (Default, Free) ⭐\n\nRecommended — free for personal use, open source, cross-platform.\n\n# Install\nbrew install bitwarden-cli\n\n# Setup .env file\ncd ~/.openclaw/workspace/skills/browser-secure\ncp .env.example .env\n# Edit .env and add:\n# BW_CLIENTID=your-api-key-id\n# BW_CLIENTSECRET=your-api-key-secret \n# BW_PASSWORD=your-master-password\n\n# Use - credentials auto-loaded from .env\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\n\nAuthentication vs Unlock:\n\nAPI Key (BW_CLIENTID/BW_CLIENTSECRET) → Logs you into Bitwarden\nMaster Password (BW_PASSWORD) → Decrypts your vault contents\nBoth are needed for fully automated workflows\n\nGet API Key: https://vault.bitwarden.com/#/settings/security/keys\n\n1Password (Paid)\n\nAlternative — if you already have a 1Password subscription.\n\n# Install\nbrew install 1password-cli\n\n# Login\nop signin\neval $(op signin)\n\n# Use\nbrowser-secure navigate https://app.neilpatel.com/ --auto-vault\n\nmacOS Keychain (Local)\n\nFallback — store credentials in macOS Keychain (no cloud sync).\n\nEnvironment Variables\n\nEmergency fallback — set credentials via env vars:\n\nexport BROWSER_SECURE_NEILPATEL_USERNAME=\"user@example.com\"\nexport BROWSER_SECURE_NEILPATEL_PASSWORD=\"secret\"\nbrowser-secure navigate https://app.neilpatel.com/\n\nCommands\nCommand\tDescription\nnavigate\tOpen welcome page (default when no URL provided)\nnavigate \tNavigate to a URL\nnavigate --profile \tUse specific Chrome profile\nnavigate --profile select\tInteractively choose Chrome profile\nnavigate --list-profiles\tList available Chrome profiles\nnavigate --auto-vault\tAuto-discover credentials (Bitwarden → 1Password → manual)\nnavigate --site=\tUse pre-configured site credentials\nprofile --create \tCreate new Chrome profile with welcome page\nprofile --create --launch\tCreate profile and launch Chrome\nprofile --list\tList all Chrome profiles\nact \"\"\tNatural language action\nextract \"\"\tExtract data from page\nscreenshot\tTake screenshot\nclose\tClose browser and cleanup\nstatus\tShow session status\naudit\tView audit logs\nWelcome Page (Default)\n\nWhen you run browser-secure navigate without a URL, it opens the welcome page located at:\n\n~/.openclaw/workspace/skills/browser-secure/assets/welcome.html\n\n\nThe welcome page provides:\n\n📖 Onboarding guide — Why browser-secure exists and how it works\n🔌 Extension links — Direct install for Bitwarden and OpenClaw Browser Relay\n🗝️ Vault setup — Step-by-step for Bitwarden or 1Password\n✅ Setup checklist — Interactive checklist to track progress\n🛡️ Security info — \"Your vault is secure\" messaging with key features\n\nPro tip: Use the welcome page as your starting point for new profiles:\n\n# Create a profile, then immediately open welcome page\nbrowser-secure profile --create \"Work Automation\" --launch\n# Then in another terminal:\nbrowser-secure navigate # Opens welcome page in the active session\n\nApproval Modes (Hybrid Design)\n\nbrowser-secure operates in unattended mode by default, making it ideal for agent automation while preserving safety guardrails.\n\nDefault Mode: Unattended (Automation-First)\n# All commands run unattended by default - no interactive prompts\nbrowser-secure navigate https://example.com\nbrowser-secure act \"fill the search form\"\nbrowser-secure extract \"get all links\"\n\n\nIn this mode:\n\n✅ All non-destructive actions execute immediately\n✅ Credentials auto-injected from vault\n✅ Audit trail written automatically\n⚠️ Destructive actions (delete, purchase) require --skip-approval or --interactive\nInteractive Mode (Human-in-the-Loop)\n\nFor sensitive operations, use --interactive to enable approval prompts:\n\n# Enable tiered approval gates\nbrowser-secure navigate https://bank.com --interactive\n\n# Approve individual actions\nbrowser-secure act \"transfer $1000\" --interactive\n\n\nApproval tiers in interactive mode:\n\nTier\tActions\tApproval\nRead-only\tnavigate, screenshot, extract\tNone\nForm fill\ttype, select, click\tPrompt\nAuthentication\tfill_password, submit_login\tAlways\nDestructive\tdelete, purchase\t2FA required\nForce Override (Emergency)\n# Skip ALL approvals including destructive (DANGEROUS)\nbrowser-secure act \"delete account\" --skip-approval\n\n\n⚠️ Warning: --skip-approval bypasses all safety checks. Use only in fully automated, sandboxed environments.\n\nSession Security\nTime-bounded (30 min default, auto-expiry)\nIsolated work directories (UUID-based)\nIncognito mode (no persistent profile) — default\nChrome profile support (your cookies, logins, extensions) — opt-in via --profile\nSecure cleanup (overwrite + delete)\nNetwork restrictions (block localhost/private IPs)\nAudit Trail\n{\n \"event\": \"BROWSER_SECURE_SESSION\",\n \"sessionId\": \"bs-20260211054500-abc123\",\n \"site\": \"nytimes.com\",\n \"actions\": [...],\n \"chainHash\": \"sha256:...\"\n}\n\nEnvironment Variables\nVariable\tPurpose\nBROWSER_SECURE_CONFIG\tConfig file path\nBW_CLIENTID\tBitwarden API key ID (for automation)\nBW_CLIENTSECRET\tBitwarden API key secret (for automation)\nBW_PASSWORD\tBitwarden master password (alternative)\nBW_SESSION\tBitwarden session token (legacy)\nOP_SERVICE_ACCOUNT_TOKEN\t1Password service account\nBROWSER_SECURE_{SITE}_PASSWORD\tEnv-based credentials\nComparison with browser-automation\nFeature\tbrowser-automation\tbrowser-secure\nCredentials\tCLI (exposed)\tVault-backed\nChrome Profiles\t❌ No\t✅ Yes (with cookies/logins)\nApproval\tNone\tTiered gates\nAudit\tNone\tFull trail\nSession timeout\tNone\t30 min default\nNetwork\tUnrestricted\tAllow-list\nBest for\tQuick tasks\tSensitive/authenticated\nTroubleshooting\n\nChrome keychain prompt on first run: This is normal! When Playwright launches Chrome for the first time, macOS asks if Chrome can access your keychain. You can click \"Deny\" since browser-secure manages credentials through your vault, not Chrome's built-in storage.\n\nVault not found: Install the CLI for your preferred vault:\n\nBitwarden: brew install bitwarden-cli\n1Password: brew install 1password-cli\n\nBitwarden \"Vault is locked\":\n\nIf using .env file: Check that BW_CLIENTID and BW_CLIENTSECRET are set correctly\nOr run: export BW_SESSION=$(bw unlock --raw)\n\nBitwarden API key not working: Ensure your API key has access to the vault items you need. API keys are created at: https://vault.bitwarden.com/#/settings/security/keys\n\nSite not configured: Use --auto-vault for interactive setup, or add manually to ~/.browser-secure/config.yaml\n\nSession expired: Default 30-minute TTL, restart with --timeout\n\nApproval required: Use -y for non-interactive (careful!)\n\nProfile not found: Run browser-secure navigate https://example.com --list-profiles to see available profiles\n\nChrome profile in use: Close Chrome before using --profile option (Chrome locks profile when running)" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/riverho/browser-secure", "publisherUrl": "https://clawhub.ai/riverho/browser-secure", "owner": "riverho", "version": "1.0.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/browser-secure", "downloadUrl": "https://openagent3.xyz/downloads/browser-secure", "agentUrl": "https://openagent3.xyz/skills/browser-secure/agent", "manifestUrl": "https://openagent3.xyz/skills/browser-secure/agent.json", "briefUrl": "https://openagent3.xyz/skills/browser-secure/agent.md" } }