# Send Browser Secure to your agent
Use the source page and any available docs to guide the install because the item is currently unstable or timing out.
## Fast path
- Open the source page via Review source status.
- If you can obtain the package, extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the source page and extracted files.
## Suggested prompts
### New install

```text
I tried to install a skill package from Yavira, but the item is currently unstable or timing out. Inspect the source page and any extracted docs, then tell me what you can confirm and any manual steps still required. Then review README.md for any prerequisites, environment setup, or post-install checks.
```
### Upgrade existing

```text
I tried to upgrade a skill package from Yavira, but the item is currently unstable or timing out. Compare the source page and any extracted docs with my current installation, then summarize what changed and what manual follow-up I still need. Then review README.md for any prerequisites, environment setup, or post-install checks.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "browser-secure",
    "name": "Browser Secure",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/riverho/browser-secure",
    "canonicalUrl": "https://clawhub.ai/riverho/browser-secure",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/browser-secure",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=browser-secure",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "setup.json",
      "README.md",
      "package-lock.json",
      "package.json",
      "SKILL.md",
      "tsconfig.json"
    ],
    "downloadMode": "manual_only",
    "sourceHealth": {
      "source": "tencent",
      "slug": "browser-secure",
      "status": "unstable",
      "reason": "timeout",
      "recommendedAction": "retry_later",
      "checkedAt": "2026-05-01T02:38:47.569Z",
      "expiresAt": "2026-05-01T14:38:47.569Z",
      "httpStatus": null,
      "finalUrl": null,
      "contentType": null,
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=browser-secure",
        "error": "Timed out after 5000ms",
        "slug": "browser-secure"
      },
      "scope": "item",
      "summary": "Item is unstable.",
      "detail": "This item is timing out or returning errors right now. Review the source page and try again later.",
      "primaryActionLabel": "Review source status",
      "primaryActionHref": "https://clawhub.ai/riverho/browser-secure"
    },
    "validation": {
      "installChecklist": [
        "Wait for the source to recover or retry later.",
        "Review SKILL.md only after the download returns a real package.",
        "Treat this source as transient until the upstream errors clear."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/browser-secure",
    "downloadUrl": "https://openagent3.xyz/downloads/browser-secure",
    "agentUrl": "https://openagent3.xyz/skills/browser-secure/agent",
    "manifestUrl": "https://openagent3.xyz/skills/browser-secure/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/browser-secure/agent.md"
  }
}
```
## Documentation

### Browser Secure

Secure browser automation with vault-backed credentials, approval gates, and audit trails.

### Philosophy

"Never trust, always verify, encrypt everything, audit all actions"

### Quick Start

# Open the welcome page (default when no URL provided)
browser-secure navigate

# Navigate to a public site
browser-secure navigate https://example.com

# Navigate with auto-vault credential discovery
browser-secure navigate https://app.neilpatel.com/ --auto-vault

# Navigate to an authenticated site (pre-configured)
browser-secure navigate https://nytimes.com --site=nytimes

# Perform actions (fully automated)
browser-secure act "click the login button"
browser-secure extract "get the article headlines"

# Use interactive mode (with approval prompts)
browser-secure navigate https://bank.com --interactive

# Close and cleanup
browser-secure close

### Auto-Vault Credential Discovery

The --auto-vault flag enables interactive credential discovery from your password manager:

browser-secure navigate https://app.neilpatel.com/ --auto-vault

This will:

Extract the domain from the URL (app.neilpatel.com → neilpatel)
Search Bitwarden first (free, default), then 1Password if available
Present matching items interactively:

🔍 Auto-discovering credentials for app.neilpatel.com...

📋 Found 2 matching credential(s) in Bitwarden:

  1) Neil Patel Account
     Username: user@example.com
  2) Ubersuggest API Key

  n) None of these - try another vault
  m) Manually enter credentials

Select credential to use (1-2, n, or m): 1
🔐 Retrieving credentials for neilpatel...

Save this credential mapping for future use? (y/n): y
✅ Saved credential mapping for "neilpatel" to ~/.browser-secure/config.yaml
   Default vault provider set to: Bitwarden

After saving, you can use the simpler command next time:

browser-secure navigate https://app.neilpatel.com/ --site=neilpatel

### Profile Management

Create isolated Chrome profiles for secure automation with automatic welcome page setup:

# Create a new profile with welcome page
browser-secure profile --create "Funny Name"

# Create and immediately launch Chrome
browser-secure profile --create "The Crustacean Station 🦞" --launch

# List all Chrome profiles
browser-secure profile --list

### What the Welcome Page Includes

When you create a new profile, it opens with a custom welcome page that guides you through:

📖 Why This Profile Exists - Explains the isolated automation concept
🔌 Required Extensions - Direct links to install:

Bitwarden password manager
OpenClaw Browser Relay


🗝️ Vault Setup - Step-by-step for Bitwarden or 1Password
✅ Setup Checklist - Interactive checklist to track progress
🛡️ Security Info - "Your vault is secure" messaging with key features

### Why Separate Profiles?

AspectPersonal ProfileAutomation ProfileExtensionsYour personal onesOnly automation extensionsCookiesPersonal loginsIsolated session stateSecurityShared with daily browsingLocked down, auditedCleanupManualAutomatic session timeout

### Chrome Profile Support

Browser Secure can use your existing Chrome profiles, giving you access to saved cookies, session state, and existing website logins.

### List Available Profiles

browser-secure navigate https://example.com --list-profiles

Output:

📋 Available Chrome profiles:

  1. Person 1 ★
     ID: Default
     Path: /Users/river/Library/Application Support/Google/Chrome/Default

  2. Work
     ID: Profile 1
     Path: /Users/river/Library/Application Support/Google/Chrome/Profile 1

### Use a Specific Profile

# By profile ID
browser-secure navigate https://gmail.com --profile "Default"
browser-secure navigate https://gmail.com --profile "Profile 1"

# Interactively select
browser-secure navigate https://gmail.com --profile select

### Profile vs Incognito Mode

ModeCookiesLoginsExtensionsUse CaseIncognito (default)❌ None❌ None❌ NoneSecure, isolated testingChrome Profile✅ Yes✅ Yes✅ YesAccess existing sessions

Security Note: Browser Secure creates isolated profiles for automation without modifying your existing Chrome profiles. When using --profile, it reads from (but does not write to) existing profiles.

### Option 1: Install via Clawdbot (Recommended)

The easiest way—just ask Clawdbot:

Hey Clawdbot, install browser-secure for me

Clawdbot will handle everything: check prerequisites, auto-install dependencies, build, and configure.

### Option 2: Install from GitHub

# Clone and install
curl -fsSL https://raw.githubusercontent.com/openclaw/openclaw/main/scripts/install-browser-secure.sh | bash

### Option 3: Manual Setup (Advanced)

If you prefer full control or are developing on the tool:

# Clone the repository
git clone https://github.com/openclaw/openclaw.git
cd openclaw/skills/browser-secure

# Run interactive setup
npm run setup

This will:

✅ Check prerequisites (Node.js 18+, Chrome)
📦 Auto-install missing dependencies (Playwright browsers, optional vault CLIs)
🔨 Build and link the CLI globally
📝 Create default configuration

### What Gets Auto-Installed

The setup automatically handles:

Playwright Chromium - Required browser binary (~50MB)
Bitwarden CLI - If brew is available (recommended vault)
1Password CLI - If brew is available (optional)

### Configure Vault (Optional)

After setup, configure your preferred vault using environment variables (recommended) or direct CLI login:

Option A: .env File (Convenience for Automation)

⚠️ Security Note: .env files store credentials in plaintext. Only use this on trusted, private machines. Vault integration (Bitwarden/1Password) is the recommended secure approach.

cd ~/.openclaw/workspace/skills/browser-secure
cp .env.example .env
# Edit .env with your credentials

Full Automation (API Key + Password):

# .env - For fully automated vault access
BW_CLIENTID=user.xxx-xxx
BW_CLIENTSECRET=your-secret-here
BW_PASSWORD=your-master-password

How it works:

BW_CLIENTID/BW_CLIENTSECRET → Authenticates with Bitwarden (replaces username/password)
BW_PASSWORD → Decrypts your vault (required for automated access)

Alternative: Session Token

# If you prefer not to store your master password:
export BW_SESSION=$(bw unlock --raw)
# Then add to .env:
# BW_SESSION=xxx...

Option B: Direct CLI Login

# Bitwarden (recommended - free)
brew install bitwarden-cli  # if not auto-installed
bw login
export BW_SESSION=$(bw unlock --raw)

# 1Password (if you have a subscription)
brew install 1password-cli  # if not auto-installed
op signin

# Test vault access
browser-secure vault --list

### Verify Installation

browser-secure --version
browser-secure navigate https://example.com
browser-secure screenshot
browser-secure close

### Bitwarden (Default, Free) ⭐

Recommended — free for personal use, open source, cross-platform.

# Install
brew install bitwarden-cli

# Setup .env file
cd ~/.openclaw/workspace/skills/browser-secure
cp .env.example .env
# Edit .env and add:
#   BW_CLIENTID=your-api-key-id
#   BW_CLIENTSECRET=your-api-key-secret  
#   BW_PASSWORD=your-master-password

# Use - credentials auto-loaded from .env
browser-secure navigate https://app.neilpatel.com/ --auto-vault

Authentication vs Unlock:

API Key (BW_CLIENTID/BW_CLIENTSECRET) → Logs you into Bitwarden
Master Password (BW_PASSWORD) → Decrypts your vault contents
Both are needed for fully automated workflows

Get API Key: https://vault.bitwarden.com/#/settings/security/keys

### 1Password (Paid)

Alternative — if you already have a 1Password subscription.

# Install
brew install 1password-cli

# Login
op signin
eval $(op signin)

# Use
browser-secure navigate https://app.neilpatel.com/ --auto-vault

### macOS Keychain (Local)

Fallback — store credentials in macOS Keychain (no cloud sync).

### Environment Variables

Emergency fallback — set credentials via env vars:

export BROWSER_SECURE_NEILPATEL_USERNAME="user@example.com"
export BROWSER_SECURE_NEILPATEL_PASSWORD="secret"
browser-secure navigate https://app.neilpatel.com/

### Commands

CommandDescriptionnavigateOpen welcome page (default when no URL provided)navigate <url>Navigate to a URLnavigate <url> --profile <id>Use specific Chrome profilenavigate <url> --profile selectInteractively choose Chrome profilenavigate <url> --list-profilesList available Chrome profilesnavigate <url> --auto-vaultAuto-discover credentials (Bitwarden → 1Password → manual)navigate <url> --site=<name>Use pre-configured site credentialsprofile --create <name>Create new Chrome profile with welcome pageprofile --create <name> --launchCreate profile and launch Chromeprofile --listList all Chrome profilesact "<instruction>"Natural language actionextract "<instruction>"Extract data from pagescreenshotTake screenshotcloseClose browser and cleanupstatusShow session statusauditView audit logs

### Welcome Page (Default)

When you run browser-secure navigate without a URL, it opens the welcome page located at:

~/.openclaw/workspace/skills/browser-secure/assets/welcome.html

The welcome page provides:

📖 Onboarding guide — Why browser-secure exists and how it works
🔌 Extension links — Direct install for Bitwarden and OpenClaw Browser Relay
🗝️ Vault setup — Step-by-step for Bitwarden or 1Password
✅ Setup checklist — Interactive checklist to track progress
🛡️ Security info — "Your vault is secure" messaging with key features

Pro tip: Use the welcome page as your starting point for new profiles:

# Create a profile, then immediately open welcome page
browser-secure profile --create "Work Automation" --launch
# Then in another terminal:
browser-secure navigate  # Opens welcome page in the active session

### Approval Modes (Hybrid Design)

browser-secure operates in unattended mode by default, making it ideal for agent automation while preserving safety guardrails.

### Default Mode: Unattended (Automation-First)

# All commands run unattended by default - no interactive prompts
browser-secure navigate https://example.com
browser-secure act "fill the search form"
browser-secure extract "get all links"

In this mode:

✅ All non-destructive actions execute immediately
✅ Credentials auto-injected from vault
✅ Audit trail written automatically
⚠️ Destructive actions (delete, purchase) require --skip-approval or --interactive

### Interactive Mode (Human-in-the-Loop)

For sensitive operations, use --interactive to enable approval prompts:

# Enable tiered approval gates
browser-secure navigate https://bank.com --interactive

# Approve individual actions
browser-secure act "transfer $1000" --interactive

Approval tiers in interactive mode:

TierActionsApprovalRead-onlynavigate, screenshot, extractNoneForm filltype, select, clickPromptAuthenticationfill_password, submit_loginAlwaysDestructivedelete, purchase2FA required

### Force Override (Emergency)

# Skip ALL approvals including destructive (DANGEROUS)
browser-secure act "delete account" --skip-approval

⚠️ Warning: --skip-approval bypasses all safety checks. Use only in fully automated, sandboxed environments.

### Session Security

Time-bounded (30 min default, auto-expiry)
Isolated work directories (UUID-based)
Incognito mode (no persistent profile) — default
Chrome profile support (your cookies, logins, extensions) — opt-in via --profile
Secure cleanup (overwrite + delete)
Network restrictions (block localhost/private IPs)

### Audit Trail

{
  "event": "BROWSER_SECURE_SESSION",
  "sessionId": "bs-20260211054500-abc123",
  "site": "nytimes.com",
  "actions": [...],
  "chainHash": "sha256:..."
}

### Environment Variables

VariablePurposeBROWSER_SECURE_CONFIGConfig file pathBW_CLIENTIDBitwarden API key ID (for automation)BW_CLIENTSECRETBitwarden API key secret (for automation)BW_PASSWORDBitwarden master password (alternative)BW_SESSIONBitwarden session token (legacy)OP_SERVICE_ACCOUNT_TOKEN1Password service accountBROWSER_SECURE_{SITE}_PASSWORDEnv-based credentials

### Comparison with browser-automation

Featurebrowser-automationbrowser-secureCredentialsCLI (exposed)Vault-backedChrome Profiles❌ No✅ Yes (with cookies/logins)ApprovalNoneTiered gatesAuditNoneFull trailSession timeoutNone30 min defaultNetworkUnrestrictedAllow-listBest forQuick tasksSensitive/authenticated

### Troubleshooting

Chrome keychain prompt on first run: This is normal! When Playwright launches Chrome for the first time, macOS asks if Chrome can access your keychain. You can click "Deny" since browser-secure manages credentials through your vault, not Chrome's built-in storage.

Vault not found: Install the CLI for your preferred vault:

Bitwarden: brew install bitwarden-cli
1Password: brew install 1password-cli

Bitwarden "Vault is locked":

If using .env file: Check that BW_CLIENTID and BW_CLIENTSECRET are set correctly
Or run: export BW_SESSION=$(bw unlock --raw)

Bitwarden API key not working: Ensure your API key has access to the vault items you need. API keys are created at: https://vault.bitwarden.com/#/settings/security/keys

Site not configured: Use --auto-vault for interactive setup, or add manually to ~/.browser-secure/config.yaml

Session expired: Default 30-minute TTL, restart with --timeout

Approval required: Use -y for non-interactive (careful!)

Profile not found: Run browser-secure navigate https://example.com --list-profiles to see available profiles

Chrome profile in use: Close Chrome before using --profile option (Chrome locks profile when running)
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: riverho
- Version: 1.0.1
## Source health
- Status: unstable
- Item is unstable.
- This item is timing out or returning errors right now. Review the source page and try again later.
- Health scope: item
- Reason: timeout
- Checked at: 2026-05-01T02:38:47.569Z
- Expires at: 2026-05-01T14:38:47.569Z
- Recommended action: Review source status
## Links
- [Detail page](https://openagent3.xyz/skills/browser-secure)
- [Send to Agent page](https://openagent3.xyz/skills/browser-secure/agent)
- [JSON manifest](https://openagent3.xyz/skills/browser-secure/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/browser-secure/agent.md)
- [Download page](https://openagent3.xyz/downloads/browser-secure)