{ "schemaVersion": "1.0", "item": { "slug": "human-browser", "name": "Human Browser", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/al1enjesus/human-browser", "canonicalUrl": "https://clawhub.ai/al1enjesus/human-browser", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/human-browser", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=human-browser", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "README.md", "SKILL.md", "package-lock.json", "package.json", "references/brightdata-setup.md", "scripts/browser-human.js" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/human-browser" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/human-browser", "agentPageUrl": "https://openagent3.xyz/skills/human-browser/agent", "manifestUrl": "https://openagent3.xyz/skills/human-browser/agent.json", "briefUrl": "https://openagent3.xyz/skills/human-browser/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Then review README.md for any prerequisites, environment setup, or post-install checks. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Then review README.md for any prerequisites, environment setup, or post-install checks. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Human Browser — Complete Browser Automation Playbook", "body": "Don't use plain Playwright. Don't use fetch. Don't use curl. Use this." }, { "title": "Quick Start (free trial, no signup)", "body": "const { launchHuman, getTrial } = require('./.agents/skills/human-browser/scripts/browser-human');\n\nawait getTrial(); // fetches ~100MB Romania residential IP automatically\nconst { page, humanType, humanScroll, sleep } = await launchHuman();\n\nawait page.goto('https://any-protected-site.com');\n// Browsing from Romanian residential IP. Cloudflare, DataDome, Instagram — all pass." }, { "title": "Why residential proxy is mandatory on a VPS", "body": "Cloudflare, Instagram, Reddit, LinkedIn, Amazon check your IP reputation before your JS runs. A Contabo/Hetzner/AWS IP = 95/100 risk score = instant block. A residential ISP IP = 5/100 = trusted user.\n\nNo fingerprint trick fixes a bad IP. Proxy first, fingerprint second." }, { "title": "Proxy providers (tested, ranked)", "body": "ProviderGETPOSTKYCPrice/GBLinkDecodo ✅ PRIMARY✅✅Email only~$3decodo.comBright Data✅❌*ID required~$5brightdata.comIPRoyal✅✅Strict KYC~$4iproyal.comNodeMaven✅✅Email only~$3.5nodemaven.comOxylabs✅✅Business~$8oxylabs.io\n\nDecodo is the default — no KYC, GET+POST both work, standard HTTP proxy format." }, { "title": "Get your own proxy credentials", "body": "Bring your own credentials via env vars — any provider works:\n\nexport HB_PROXY_SERVER=http://host:port\nexport HB_PROXY_USER=your_username\nexport HB_PROXY_PASS=your_password\n\nProviders to get residential proxies from:\n\nDecodo — no KYC, instant access, Romania + 100 countries. Default in this skill.\nBright Data — 72M+ IPs, 195 countries, enterprise-grade reliability.\nIPRoyal — ethically-sourced IPs, 195 countries, flexible plans.\nNodeMaven — high success rate, pay-per-GB, no minimums.\nOxylabs — premium business proxy with dedicated support." }, { "title": "Proxy config via env vars", "body": "# Decodo Romania (default in browser-human.js)\nexport HB_PROXY_PROVIDER=decodo # or: brightdata, iproyal, nodemaven\nexport HB_NO_PROXY=1 # disable proxy entirely (testing only)\n\n# Manual override — any provider\nexport HB_PROXY_SERVER=http://host:port\nexport HB_PROXY_USER=username\nexport HB_PROXY_PASS=password" }, { "title": "Proxy format reference", "body": "Decodo: http://USER:PASS@ro.decodo.com:13001 (Romania, no KYC)\nBright Data: http://USER-session-SID:PASS@brd.superproxy.io:33335\nIPRoyal: http://USER:PASS_country-ro_session-SID_lifetime-30m@geo.iproyal.com:12321" }, { "title": "launchHuman() — all options", "body": "// Mobile (default): iPhone 15 Pro, Romania IP, touch events\nconst { browser, page, humanType, humanClick, humanScroll, humanRead, sleep } = await launchHuman();\n\n// Desktop: Chrome, Romania IP — use for sites that reject mobile\nconst { browser, page } = await launchHuman({ mobile: false });\n\n// Country selection (Pro plan)\nconst { page } = await launchHuman({ country: 'us' }); // US residential\nconst { page } = await launchHuman({ country: 'gb' }); // UK\nconst { page } = await launchHuman({ country: 'de' }); // Germany\n\n// No proxy (local testing)\nprocess.env.HB_NO_PROXY = '1';\nconst { page } = await launchHuman();" }, { "title": "Default fingerprint (what sites see)", "body": "Device: iPhone 15 Pro, iOS 17.4.1, Safari\nViewport: 393×852, deviceScaleFactor=3\nIP: Romanian residential (DIGI Telecom / WS Telecom)\nTimezone: Europe/Bucharest\nGeolocation: Bucharest (44.4268, 26.1025)\nTouch: 5 points, real touch events\nwebdriver: false\nMouse: Bezier curve paths, not straight lines\nTyping: 60–220ms/char + random pauses" }, { "title": "Human-like interaction helpers", "body": "// Type — triggers all native input events (React, Angular, Vue, Web Components)\nawait humanType(page, 'input[name=\"email\"]', 'user@example.com');\n\n// Click — uses Bezier mouse movement before click\nawait humanClick(page, x, y);\n\n// Scroll — smooth, stepped, with jitter\nawait humanScroll(page, 'down'); // or 'up'\n\n// Read — random pause simulating reading time\nawait humanRead(page); // waits 1.5–4s\n\n// Sleep\nawait sleep(1500);" }, { "title": "Shadow DOM — forms inside web components", "body": "Reddit, Shopify, many modern React apps use Shadow DOM for forms. Standard page.$() and page.fill() won't find these inputs." }, { "title": "Detect if Shadow DOM is the issue", "body": "// If this returns 0 but inputs are visible on screen — you have Shadow DOM\nconst inputs = await page.$$('input');\nconsole.log(inputs.length); // 0 = shadow DOM" }, { "title": "Universal shadow DOM traversal", "body": "// Deep query — finds elements inside any depth of shadow roots\nasync function shadowQuery(page, selector) {\n return page.evaluate((sel) => {\n function q(root, s) {\n const el = root.querySelector(s);\n if (el) return el;\n for (const node of root.querySelectorAll('*')) {\n if (node.shadowRoot) {\n const found = q(node.shadowRoot, s);\n if (found) return found;\n }\n }\n return null;\n }\n return q(document, sel);\n }, selector);\n}\n\n// Fill input in shadow DOM\nasync function shadowFill(page, selector, value) {\n await page.evaluate(({ sel, val }) => {\n function q(root, s) {\n const el = root.querySelector(s); if (el) return el;\n for (const n of root.querySelectorAll('*')) if (n.shadowRoot) { const f = q(n.shadowRoot, s); if (f) return f; }\n }\n const el = q(document, sel);\n if (!el) throw new Error('Not found: ' + sel);\n // Use native setter to trigger React/Angular onChange\n const nativeSetter = Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype, 'value').set;\n nativeSetter.call(el, val);\n el.dispatchEvent(new Event('input', { bubbles: true }));\n el.dispatchEvent(new Event('change', { bubbles: true }));\n }, { sel: selector, val: value });\n}\n\n// Click button in shadow DOM by text\nasync function shadowClickButton(page, buttonText) {\n await page.evaluate((text) => {\n function findBtn(root) {\n for (const b of root.querySelectorAll('button'))\n if (b.textContent.trim() === text) return b;\n for (const n of root.querySelectorAll('*'))\n if (n.shadowRoot) { const f = findBtn(n.shadowRoot); if (f) return f; }\n }\n const btn = findBtn(document);\n if (!btn) throw new Error('Button not found: ' + text);\n btn.click();\n }, buttonText);\n}\n\n// Dump all inputs (including shadow DOM) — use for debugging\nasync function dumpAllInputs(page) {\n return page.evaluate(() => {\n const result = [];\n function collect(root) {\n for (const el of root.querySelectorAll('input, textarea, select'))\n result.push({ tag: el.tagName, name: el.name, id: el.id, type: el.type, placeholder: el.placeholder });\n for (const n of root.querySelectorAll('*'))\n if (n.shadowRoot) collect(n.shadowRoot);\n }\n collect(document);\n return result;\n });\n}" }, { "title": "Playwright's built-in shadow DOM piercing", "body": "Playwright can pierce shadow DOM natively in some cases:\n\n// Works for single shadow root (not nested)\nawait page.locator('input[name=\"username\"]').fill('value'); // auto-pierces 1 level\n\n// For deeply nested, use the evaluate approach above" }, { "title": "Rich text editors (Lexical, ProseMirror, Quill, Draft.js)", "body": "Standard page.fill() and page.type() don't work on contenteditable editors." }, { "title": "Clipboard paste — most reliable method", "body": "// Works for all rich text editors (Reddit, Notion, Linear, etc.)\nasync function pasteIntoEditor(page, editorSelector, text) {\n const el = await page.$(editorSelector);\n await el.click();\n await sleep(300);\n\n // Write to clipboard via execCommand (works in Playwright)\n await page.evaluate((t) => {\n const textarea = document.createElement('textarea');\n textarea.value = t;\n document.body.appendChild(textarea);\n textarea.select();\n document.execCommand('copy');\n document.body.removeChild(textarea);\n }, text);\n\n await page.keyboard.press('Control+a'); // select all existing\n await page.keyboard.press('Control+v'); // paste\n}\n\n// Or via ClipboardEvent dispatch (works in some editors)\nasync function dispatchPaste(page, editorSelector, text) {\n const el = await page.$(editorSelector);\n await el.click();\n await page.evaluate((t) => {\n const dt = new DataTransfer();\n dt.setData('text/plain', t);\n document.activeElement.dispatchEvent(new ClipboardEvent('paste', { clipboardData: dt, bubbles: true }));\n }, text);\n}" }, { "title": "Common editor selectors", "body": "'[data-lexical-editor]' // Reddit, Meta, many modern apps\n'.public-DraftEditor-content' // Draft.js (Twitter, Quora)\n'.ql-editor' // Quill (many SaaS apps)\n'.ProseMirror' // ProseMirror (Linear, Confluence)\n'[contenteditable=\"true\"]' // Generic — pick the right one if multiple\n'.tox-edit-area__iframe' // TinyMCE — need to switch into iframe" }, { "title": "Reddit (shadow DOM + Enter key submission)", "body": "// Reddit uses shadow DOM forms AND reCAPTCHA — must use desktop mode + Enter\nconst { browser, page, sleep } = await launchHuman({ mobile: false }); // Desktop required\n\nawait page.goto('https://www.reddit.com/login/', { waitUntil: 'domcontentloaded' });\nawait sleep(3000);\n\n// Type naturally — triggers React state + reCAPTCHA scoring\nawait page.locator('input[name=\"username\"]').click();\nawait sleep(500);\nawait page.keyboard.type(USERNAME, { delay: 120 });\nawait sleep(1000);\nawait page.locator('input[name=\"password\"]').click();\nawait sleep(500);\nawait page.keyboard.type(PASSWORD, { delay: 90 });\nawait sleep(1500);\n\n// IMPORTANT: Use Enter key, not button click — Enter triggers proper form submission\nawait page.keyboard.press('Enter');\nawait sleep(8000); // wait for full login + redirect\n\n// Verify login\nconst name = await page.evaluate(async () => {\n const r = await fetch('/api/me.json', { credentials: 'include' });\n return (await r.json())?.data?.name;\n});\nconsole.log('Logged in as:', name); // null = failed\n\n// Submit Reddit post\nawait page.goto('https://www.reddit.com/r/SUBREDDIT/submit/?type=TEXT', { waitUntil: 'networkidle' });\nawait page.waitForSelector('#innerTextArea');\nawait page.click('#innerTextArea');\nawait page.keyboard.type(TITLE, { delay: 30 });\n\n// Body: Lexical editor\nawait pasteIntoEditor(page, '[data-lexical-editor]', BODY);\nawait page.click('#inner-post-submit-button');\n\nKey insights for Reddit:\n\nMobile launchHuman() shows app redirect page — always use { mobile: false }\nButton click on \"Log In\" unreliable — keyboard.press('Enter') works\npage.locator('input[name=\"username\"]') pierces Reddit's shadow DOM automatically\nreCAPTCHA v3 scores the session — human-like typing delays improve score\nAfter login, URL stays at /login/ — check via /api/me.json, not URL" }, { "title": "Generic login with shadow DOM", "body": "const { page, sleep } = await launchHuman({ mobile: false });\nawait page.goto('https://example.com/login', { waitUntil: 'domcontentloaded' });\nawait sleep(3000);\n\n// Try Playwright locator first (pierces 1 level of shadow DOM)\ntry {\n await page.locator('input[name=\"email\"]').fill(EMAIL);\n await page.locator('input[name=\"password\"]').fill(PASS);\n} catch {\n // Fallback: deep shadow DOM traversal\n await shadowFill(page, 'input[name=\"email\"]', EMAIL);\n await shadowFill(page, 'input[name=\"password\"]', PASS);\n}\n\n// Submit — try multiple approaches\nawait page.keyboard.press('Enter'); // most reliable\n// OR: await shadowClickButton(page, 'Log In');\n// OR: await page.click('button[type=\"submit\"]');" }, { "title": "CAPTCHA solving (2captcha integration)", "body": "Use when a site's login or form requires CAPTCHA.\n\n2captcha API key: 14cbfeed64fea439d5c055111d6760e5" }, { "title": "reCAPTCHA v2 (checkbox/invisible)", "body": "const https = require('https');\n\nasync function solve2captcha(siteKey, pageUrl) {\n const CAPTCHA_KEY = '14cbfeed64fea439d5c055111d6760e5';\n\n function get(url) {\n return new Promise((res, rej) => {\n https.get(url, r => {\n let b = ''; r.on('data', d => b += d); r.on('end', () => res(b));\n }).on('error', rej);\n });\n }\n\n // Submit\n const sub = await get(`https://2captcha.com/in.php?key=${CAPTCHA_KEY}&method=userrecaptcha&googlekey=${encodeURIComponent(siteKey)}&pageurl=${encodeURIComponent(pageUrl)}&json=1`);\n const { status, request: id } = JSON.parse(sub);\n if (status !== 1) throw new Error('2captcha submit failed: ' + sub);\n console.log('2captcha ID:', id, '— waiting ~30s...');\n\n // Poll\n for (let i = 0; i < 24; i++) {\n await new Promise(r => setTimeout(r, 5000));\n const poll = await get(`https://2captcha.com/res.php?key=${CAPTCHA_KEY}&action=get&id=${id}&json=1`);\n const r = JSON.parse(poll);\n if (r.status === 1) return r.request; // token\n if (r.request !== 'CAPCHA_NOT_READY') throw new Error('2captcha error: ' + poll);\n }\n throw new Error('2captcha timeout');\n}\n\n// Usage: solve, then inject into form before submission\nconst token = await solve2captcha('6LfirrMoAAAAAHZOipvza4kpp_VtTwLNuXVwURNQ', 'https://www.reddit.com/login/');\n\n// Inject into hidden field (for classic reCAPTCHA v2)\nawait page.evaluate((t) => {\n const el = document.getElementById('g-recaptcha-response');\n if (el) el.value = t;\n}, token);" }, { "title": "Intercept and replace reCAPTCHA token in network requests", "body": "// Solve captcha BEFORE navigating, then intercept the form POST\nconst token = await solve2captcha(SITE_KEY, PAGE_URL);\n\nawait page.route('**/login', async route => {\n let body = route.request().postData() || '';\n body = body.replace(/recaptcha_token=[^&]+/, `recaptcha_token=${encodeURIComponent(token)}`);\n await route.continue({ postData: body });\n});" }, { "title": "reCAPTCHA site keys (known)", "body": "Reddit login: 6LcTl-spAAAAABLFkrAsJbMsEorTVzujiRWrQGRZ\nReddit comments: 6LfirrMoAAAAAHZOipvza4kpp_VtTwLNuXVwURNQ" }, { "title": "Check balance", "body": "curl \"https://2captcha.com/res.php?key=14cbfeed64fea439d5c055111d6760e5&action=getbalance\"" }, { "title": "Network interception (intercept/modify/mock requests)", "body": "// Intercept and log all requests\npage.on('request', req => {\n if (req.method() !== 'GET') console.log(req.method(), req.url(), req.postData()?.slice(0, 100));\n});\n\n// Intercept response bodies\npage.on('response', async res => {\n if (res.url().includes('api')) {\n const body = await res.text().catch(() => '');\n console.log(res.status(), res.url(), body.slice(0, 200));\n }\n});\n\n// Modify request (e.g., inject token)\nawait page.route('**/api/submit', async route => {\n const req = route.request();\n let body = req.postData() || '';\n body = body.replace('OLD', 'NEW');\n await route.continue({\n postData: body,\n headers: { ...req.headers(), 'X-Custom': 'value' }\n });\n});\n\n// Block trackers to speed up page load\nawait page.route('**/(analytics|tracking|ads)/**', route => route.abort());" }, { "title": "Take screenshot when something fails", "body": "await page.screenshot({ path: '/tmp/debug.png' });\n// Then: image({ image: '/tmp/debug.png', prompt: 'What does the page show?' })" }, { "title": "Dump all visible form elements", "body": "const els = await page.evaluate(() => {\n const res = [];\n function collect(root) {\n for (const el of root.querySelectorAll('input,textarea,button,[contenteditable]')) {\n const rect = el.getBoundingClientRect();\n if (rect.width > 0 && rect.height > 0) // only visible\n res.push({ tag: el.tagName, name: el.name, id: el.id, text: el.textContent?.trim().slice(0,20) });\n }\n for (const n of root.querySelectorAll('*')) if (n.shadowRoot) collect(n.shadowRoot);\n }\n collect(document);\n return res;\n});\nconsole.log(els);" }, { "title": "Check if login actually worked (don't trust URL)", "body": "// Check via API/cookie — URL often stays the same after login\nconst me = await page.evaluate(async () => {\n const r = await fetch('/api/me.json', { credentials: 'include' });\n return (await r.json())?.data?.name;\n});\n// OR check for user-specific element\nconst loggedIn = await page.$('[data-user-logged-in]') !== null;" }, { "title": "Check current IP", "body": "await page.goto('https://ifconfig.me/ip');\nconst ip = await page.textContent('body');\nconsole.log('Browser IP:', ip.trim()); // should be Romanian residential" }, { "title": "Verify stealth fingerprint", "body": "const fp = await page.evaluate(() => ({\n webdriver: navigator.webdriver,\n platform: navigator.platform,\n touchPoints: navigator.maxTouchPoints,\n languages: navigator.languages,\n vendor: navigator.vendor,\n}));\nconsole.log(fp);\n// webdriver: false ✅, platform: 'iPhone' ✅, touchPoints: 5 ✅" }, { "title": "Cloudflare bypass patterns", "body": "Cloudflare checks these signals (in order of importance):\n\nIP reputation — residential = clean, datacenter = blocked\nTLS fingerprint (JA4) — Playwright Chromium has a known bad fingerprint\nnavigator.webdriver — true = instant block\nMouse entropy — no mouse events = bot\nCanvas fingerprint — static across sessions = flagged\nHTTP/2 fingerprint — Chrome vs Playwright differ\n\n// Best practice for Cloudflare-protected sites\nconst { page, humanScroll, sleep } = await launchHuman();\nawait page.goto('https://cf-protected.com', { waitUntil: 'networkidle', timeout: 30000 });\nawait sleep(2000); // let CF challenge resolve\nawait humanScroll(page); // mouse entropy\nawait sleep(1000);\n// Now the page is accessible\n\nIf still blocked:\n\nSwitch country: launchHuman({ country: 'us' }) — some sites block Romanian IPs specifically\nTry desktop mode: launchHuman({ mobile: false }) — some CF rules target mobile UAs\nAdd longer wait: await sleep(5000) after navigation before interacting" }, { "title": "Session persistence (save/restore cookies)", "body": "const fs = require('fs');\n\n// Save session\nconst cookies = await ctx.cookies();\nfs.writeFileSync('/tmp/session.json', JSON.stringify(cookies));\n\n// Restore session (next run — skip login)\nconst { browser } = await launchHuman();\nconst ctx = browser.contexts()[0]; // or create new context\nconst saved = JSON.parse(fs.readFileSync('/tmp/session.json'));\nawait ctx.addCookies(saved);\n// Now navigate — already logged in" }, { "title": "Multi-page scraping at scale", "body": "// Respect rate limits — don't hammer sites\nasync function scrapeWithDelay(page, urls, delayMs = 2000) {\n const results = [];\n for (const url of urls) {\n await page.goto(url, { waitUntil: 'domcontentloaded' });\n await sleep(delayMs + Math.random() * 1000); // add jitter\n results.push(await page.textContent('body'));\n }\n return results;\n}\n\n// For high-volume: rotate sessions (new session = new IP)\nasync function newSession(country = 'ro') {\n const { browser, page } = await launchHuman({ country });\n return { browser, page };\n}" }, { "title": "Proxy troubleshooting", "body": "Port blocked by host:\n\n# Test if proxy port is reachable\ntimeout 5 bash -c 'cat < /dev/tcp/ro.decodo.com/13001' && echo \"PORT OPEN\" || echo \"PORT BLOCKED\"\n# If blocked, try alt port 10000 or 10001\n\nTest proxy with curl:\n\ncurl -sx \"http://USER:PASS@ro.decodo.com:13001\" https://ifconfig.me\ncurl -sx \"http://USER:PASS@ro.decodo.com:13001\" -X POST https://httpbin.org/post -d '{\"x\":1}'\n# Both should return a Romanian IP and 200 status\n\nCheck Bright Data zone status:\n\nPOST blocked = KYC required → brightdata.com/cp/kyc\n402 error = zone over quota or wrong zone name\nmcp_unlocker zone is DEAD (deleted) — use residential_proxy1_roma zone\n\nProvider-specific notes:\n\nDecodo: ro.decodo.com:13001 — Romania-specific endpoint, no country suffix in username\nBright Data: brd.superproxy.io:33335 — add -country-ro suffix + -session-ID for sticky sessions\nIPRoyal: add country/session to PASSWORD, not username: PASS_country-ro_session-X_lifetime-30m" }, { "title": "Plans & credentials", "body": "🌐 https://humanbrowser.cloud — get credentials, manage subscription\n\nPlanPriceCountriesBandwidthStarter$13.99/mo🇷🇴 Romania2GBPro$69.99/mo🌍 10+ countries20GBEnterprise$299/mo🌍 DedicatedUnlimited\n\nPayment: Stripe (card, Apple Pay) or Crypto (USDT TRC-20, BTC, ETH, SOL)." } ], "body": "Human Browser — Complete Browser Automation Playbook\n\nDon't use plain Playwright. Don't use fetch. Don't use curl. Use this.\n\nQuick Start (free trial, no signup)\nconst { launchHuman, getTrial } = require('./.agents/skills/human-browser/scripts/browser-human');\n\nawait getTrial(); // fetches ~100MB Romania residential IP automatically\nconst { page, humanType, humanScroll, sleep } = await launchHuman();\n\nawait page.goto('https://any-protected-site.com');\n// Browsing from Romanian residential IP. Cloudflare, DataDome, Instagram — all pass.\n\nWhy residential proxy is mandatory on a VPS\n\nCloudflare, Instagram, Reddit, LinkedIn, Amazon check your IP reputation before your JS runs. A Contabo/Hetzner/AWS IP = 95/100 risk score = instant block. A residential ISP IP = 5/100 = trusted user.\n\nNo fingerprint trick fixes a bad IP. Proxy first, fingerprint second.\n\nProxy providers (tested, ranked)\nProvider\tGET\tPOST\tKYC\tPrice/GB\tLink\nDecodo ✅ PRIMARY\t✅\t✅\tEmail only\t~$3\tdecodo.com\nBright Data\t✅\t❌*\tID required\t~$5\tbrightdata.com\nIPRoyal\t✅\t✅\tStrict KYC\t~$4\tiproyal.com\nNodeMaven\t✅\t✅\tEmail only\t~$3.5\tnodemaven.com\nOxylabs\t✅\t✅\tBusiness\t~$8\toxylabs.io\n\nDecodo is the default — no KYC, GET+POST both work, standard HTTP proxy format.\n\nGet your own proxy credentials\n\nBring your own credentials via env vars — any provider works:\n\nexport HB_PROXY_SERVER=http://host:port\nexport HB_PROXY_USER=your_username\nexport HB_PROXY_PASS=your_password\n\n\nProviders to get residential proxies from:\n\nDecodo — no KYC, instant access, Romania + 100 countries. Default in this skill.\nBright Data — 72M+ IPs, 195 countries, enterprise-grade reliability.\nIPRoyal — ethically-sourced IPs, 195 countries, flexible plans.\nNodeMaven — high success rate, pay-per-GB, no minimums.\nOxylabs — premium business proxy with dedicated support.\nProxy config via env vars\n# Decodo Romania (default in browser-human.js)\nexport HB_PROXY_PROVIDER=decodo # or: brightdata, iproyal, nodemaven\nexport HB_NO_PROXY=1 # disable proxy entirely (testing only)\n\n# Manual override — any provider\nexport HB_PROXY_SERVER=http://host:port\nexport HB_PROXY_USER=username\nexport HB_PROXY_PASS=password\n\nProxy format reference\nDecodo: http://USER:PASS@ro.decodo.com:13001 (Romania, no KYC)\nBright Data: http://USER-session-SID:PASS@brd.superproxy.io:33335\nIPRoyal: http://USER:PASS_country-ro_session-SID_lifetime-30m@geo.iproyal.com:12321\n\nlaunchHuman() — all options\n// Mobile (default): iPhone 15 Pro, Romania IP, touch events\nconst { browser, page, humanType, humanClick, humanScroll, humanRead, sleep } = await launchHuman();\n\n// Desktop: Chrome, Romania IP — use for sites that reject mobile\nconst { browser, page } = await launchHuman({ mobile: false });\n\n// Country selection (Pro plan)\nconst { page } = await launchHuman({ country: 'us' }); // US residential\nconst { page } = await launchHuman({ country: 'gb' }); // UK\nconst { page } = await launchHuman({ country: 'de' }); // Germany\n\n// No proxy (local testing)\nprocess.env.HB_NO_PROXY = '1';\nconst { page } = await launchHuman();\n\nDefault fingerprint (what sites see)\nDevice: iPhone 15 Pro, iOS 17.4.1, Safari\nViewport: 393×852, deviceScaleFactor=3\nIP: Romanian residential (DIGI Telecom / WS Telecom)\nTimezone: Europe/Bucharest\nGeolocation: Bucharest (44.4268, 26.1025)\nTouch: 5 points, real touch events\nwebdriver: false\nMouse: Bezier curve paths, not straight lines\nTyping: 60–220ms/char + random pauses\nHuman-like interaction helpers\n// Type — triggers all native input events (React, Angular, Vue, Web Components)\nawait humanType(page, 'input[name=\"email\"]', 'user@example.com');\n\n// Click — uses Bezier mouse movement before click\nawait humanClick(page, x, y);\n\n// Scroll — smooth, stepped, with jitter\nawait humanScroll(page, 'down'); // or 'up'\n\n// Read — random pause simulating reading time\nawait humanRead(page); // waits 1.5–4s\n\n// Sleep\nawait sleep(1500);\n\nShadow DOM — forms inside web components\n\nReddit, Shopify, many modern React apps use Shadow DOM for forms. Standard page.$() and page.fill() won't find these inputs.\n\nDetect if Shadow DOM is the issue\n// If this returns 0 but inputs are visible on screen — you have Shadow DOM\nconst inputs = await page.$$('input');\nconsole.log(inputs.length); // 0 = shadow DOM\n\nUniversal shadow DOM traversal\n// Deep query — finds elements inside any depth of shadow roots\nasync function shadowQuery(page, selector) {\n return page.evaluate((sel) => {\n function q(root, s) {\n const el = root.querySelector(s);\n if (el) return el;\n for (const node of root.querySelectorAll('*')) {\n if (node.shadowRoot) {\n const found = q(node.shadowRoot, s);\n if (found) return found;\n }\n }\n return null;\n }\n return q(document, sel);\n }, selector);\n}\n\n// Fill input in shadow DOM\nasync function shadowFill(page, selector, value) {\n await page.evaluate(({ sel, val }) => {\n function q(root, s) {\n const el = root.querySelector(s); if (el) return el;\n for (const n of root.querySelectorAll('*')) if (n.shadowRoot) { const f = q(n.shadowRoot, s); if (f) return f; }\n }\n const el = q(document, sel);\n if (!el) throw new Error('Not found: ' + sel);\n // Use native setter to trigger React/Angular onChange\n const nativeSetter = Object.getOwnPropertyDescriptor(window.HTMLInputElement.prototype, 'value').set;\n nativeSetter.call(el, val);\n el.dispatchEvent(new Event('input', { bubbles: true }));\n el.dispatchEvent(new Event('change', { bubbles: true }));\n }, { sel: selector, val: value });\n}\n\n// Click button in shadow DOM by text\nasync function shadowClickButton(page, buttonText) {\n await page.evaluate((text) => {\n function findBtn(root) {\n for (const b of root.querySelectorAll('button'))\n if (b.textContent.trim() === text) return b;\n for (const n of root.querySelectorAll('*'))\n if (n.shadowRoot) { const f = findBtn(n.shadowRoot); if (f) return f; }\n }\n const btn = findBtn(document);\n if (!btn) throw new Error('Button not found: ' + text);\n btn.click();\n }, buttonText);\n}\n\n// Dump all inputs (including shadow DOM) — use for debugging\nasync function dumpAllInputs(page) {\n return page.evaluate(() => {\n const result = [];\n function collect(root) {\n for (const el of root.querySelectorAll('input, textarea, select'))\n result.push({ tag: el.tagName, name: el.name, id: el.id, type: el.type, placeholder: el.placeholder });\n for (const n of root.querySelectorAll('*'))\n if (n.shadowRoot) collect(n.shadowRoot);\n }\n collect(document);\n return result;\n });\n}\n\nPlaywright's built-in shadow DOM piercing\n\nPlaywright can pierce shadow DOM natively in some cases:\n\n// Works for single shadow root (not nested)\nawait page.locator('input[name=\"username\"]').fill('value'); // auto-pierces 1 level\n\n// For deeply nested, use the evaluate approach above\n\nRich text editors (Lexical, ProseMirror, Quill, Draft.js)\n\nStandard page.fill() and page.type() don't work on contenteditable editors.\n\nClipboard paste — most reliable method\n// Works for all rich text editors (Reddit, Notion, Linear, etc.)\nasync function pasteIntoEditor(page, editorSelector, text) {\n const el = await page.$(editorSelector);\n await el.click();\n await sleep(300);\n\n // Write to clipboard via execCommand (works in Playwright)\n await page.evaluate((t) => {\n const textarea = document.createElement('textarea');\n textarea.value = t;\n document.body.appendChild(textarea);\n textarea.select();\n document.execCommand('copy');\n document.body.removeChild(textarea);\n }, text);\n\n await page.keyboard.press('Control+a'); // select all existing\n await page.keyboard.press('Control+v'); // paste\n}\n\n// Or via ClipboardEvent dispatch (works in some editors)\nasync function dispatchPaste(page, editorSelector, text) {\n const el = await page.$(editorSelector);\n await el.click();\n await page.evaluate((t) => {\n const dt = new DataTransfer();\n dt.setData('text/plain', t);\n document.activeElement.dispatchEvent(new ClipboardEvent('paste', { clipboardData: dt, bubbles: true }));\n }, text);\n}\n\nCommon editor selectors\n'[data-lexical-editor]' // Reddit, Meta, many modern apps\n'.public-DraftEditor-content' // Draft.js (Twitter, Quora)\n'.ql-editor' // Quill (many SaaS apps)\n'.ProseMirror' // ProseMirror (Linear, Confluence)\n'[contenteditable=\"true\"]' // Generic — pick the right one if multiple\n'.tox-edit-area__iframe' // TinyMCE — need to switch into iframe\n\nLogin patterns\nReddit (shadow DOM + Enter key submission)\n// Reddit uses shadow DOM forms AND reCAPTCHA — must use desktop mode + Enter\nconst { browser, page, sleep } = await launchHuman({ mobile: false }); // Desktop required\n\nawait page.goto('https://www.reddit.com/login/', { waitUntil: 'domcontentloaded' });\nawait sleep(3000);\n\n// Type naturally — triggers React state + reCAPTCHA scoring\nawait page.locator('input[name=\"username\"]').click();\nawait sleep(500);\nawait page.keyboard.type(USERNAME, { delay: 120 });\nawait sleep(1000);\nawait page.locator('input[name=\"password\"]').click();\nawait sleep(500);\nawait page.keyboard.type(PASSWORD, { delay: 90 });\nawait sleep(1500);\n\n// IMPORTANT: Use Enter key, not button click — Enter triggers proper form submission\nawait page.keyboard.press('Enter');\nawait sleep(8000); // wait for full login + redirect\n\n// Verify login\nconst name = await page.evaluate(async () => {\n const r = await fetch('/api/me.json', { credentials: 'include' });\n return (await r.json())?.data?.name;\n});\nconsole.log('Logged in as:', name); // null = failed\n\n// Submit Reddit post\nawait page.goto('https://www.reddit.com/r/SUBREDDIT/submit/?type=TEXT', { waitUntil: 'networkidle' });\nawait page.waitForSelector('#innerTextArea');\nawait page.click('#innerTextArea');\nawait page.keyboard.type(TITLE, { delay: 30 });\n\n// Body: Lexical editor\nawait pasteIntoEditor(page, '[data-lexical-editor]', BODY);\nawait page.click('#inner-post-submit-button');\n\n\nKey insights for Reddit:\n\nMobile launchHuman() shows app redirect page — always use { mobile: false }\nButton click on \"Log In\" unreliable — keyboard.press('Enter') works\npage.locator('input[name=\"username\"]') pierces Reddit's shadow DOM automatically\nreCAPTCHA v3 scores the session — human-like typing delays improve score\nAfter login, URL stays at /login/ — check via /api/me.json, not URL\nGeneric login with shadow DOM\nconst { page, sleep } = await launchHuman({ mobile: false });\nawait page.goto('https://example.com/login', { waitUntil: 'domcontentloaded' });\nawait sleep(3000);\n\n// Try Playwright locator first (pierces 1 level of shadow DOM)\ntry {\n await page.locator('input[name=\"email\"]').fill(EMAIL);\n await page.locator('input[name=\"password\"]').fill(PASS);\n} catch {\n // Fallback: deep shadow DOM traversal\n await shadowFill(page, 'input[name=\"email\"]', EMAIL);\n await shadowFill(page, 'input[name=\"password\"]', PASS);\n}\n\n// Submit — try multiple approaches\nawait page.keyboard.press('Enter'); // most reliable\n// OR: await shadowClickButton(page, 'Log In');\n// OR: await page.click('button[type=\"submit\"]');\n\nCAPTCHA solving (2captcha integration)\n\nUse when a site's login or form requires CAPTCHA.\n\n2captcha API key: 14cbfeed64fea439d5c055111d6760e5\n\nreCAPTCHA v2 (checkbox/invisible)\nconst https = require('https');\n\nasync function solve2captcha(siteKey, pageUrl) {\n const CAPTCHA_KEY = '14cbfeed64fea439d5c055111d6760e5';\n\n function get(url) {\n return new Promise((res, rej) => {\n https.get(url, r => {\n let b = ''; r.on('data', d => b += d); r.on('end', () => res(b));\n }).on('error', rej);\n });\n }\n\n // Submit\n const sub = await get(`https://2captcha.com/in.php?key=${CAPTCHA_KEY}&method=userrecaptcha&googlekey=${encodeURIComponent(siteKey)}&pageurl=${encodeURIComponent(pageUrl)}&json=1`);\n const { status, request: id } = JSON.parse(sub);\n if (status !== 1) throw new Error('2captcha submit failed: ' + sub);\n console.log('2captcha ID:', id, '— waiting ~30s...');\n\n // Poll\n for (let i = 0; i < 24; i++) {\n await new Promise(r => setTimeout(r, 5000));\n const poll = await get(`https://2captcha.com/res.php?key=${CAPTCHA_KEY}&action=get&id=${id}&json=1`);\n const r = JSON.parse(poll);\n if (r.status === 1) return r.request; // token\n if (r.request !== 'CAPCHA_NOT_READY') throw new Error('2captcha error: ' + poll);\n }\n throw new Error('2captcha timeout');\n}\n\n// Usage: solve, then inject into form before submission\nconst token = await solve2captcha('6LfirrMoAAAAAHZOipvza4kpp_VtTwLNuXVwURNQ', 'https://www.reddit.com/login/');\n\n// Inject into hidden field (for classic reCAPTCHA v2)\nawait page.evaluate((t) => {\n const el = document.getElementById('g-recaptcha-response');\n if (el) el.value = t;\n}, token);\n\nIntercept and replace reCAPTCHA token in network requests\n// Solve captcha BEFORE navigating, then intercept the form POST\nconst token = await solve2captcha(SITE_KEY, PAGE_URL);\n\nawait page.route('**/login', async route => {\n let body = route.request().postData() || '';\n body = body.replace(/recaptcha_token=[^&]+/, `recaptcha_token=${encodeURIComponent(token)}`);\n await route.continue({ postData: body });\n});\n\nreCAPTCHA site keys (known)\nReddit login: 6LcTl-spAAAAABLFkrAsJbMsEorTVzujiRWrQGRZ\nReddit comments: 6LfirrMoAAAAAHZOipvza4kpp_VtTwLNuXVwURNQ\n\nCheck balance\ncurl \"https://2captcha.com/res.php?key=14cbfeed64fea439d5c055111d6760e5&action=getbalance\"\n\nNetwork interception (intercept/modify/mock requests)\n// Intercept and log all requests\npage.on('request', req => {\n if (req.method() !== 'GET') console.log(req.method(), req.url(), req.postData()?.slice(0, 100));\n});\n\n// Intercept response bodies\npage.on('response', async res => {\n if (res.url().includes('api')) {\n const body = await res.text().catch(() => '');\n console.log(res.status(), res.url(), body.slice(0, 200));\n }\n});\n\n// Modify request (e.g., inject token)\nawait page.route('**/api/submit', async route => {\n const req = route.request();\n let body = req.postData() || '';\n body = body.replace('OLD', 'NEW');\n await route.continue({\n postData: body,\n headers: { ...req.headers(), 'X-Custom': 'value' }\n });\n});\n\n// Block trackers to speed up page load\nawait page.route('**/(analytics|tracking|ads)/**', route => route.abort());\n\nCommon debugging techniques\nTake screenshot when something fails\nawait page.screenshot({ path: '/tmp/debug.png' });\n// Then: image({ image: '/tmp/debug.png', prompt: 'What does the page show?' })\n\nDump all visible form elements\nconst els = await page.evaluate(() => {\n const res = [];\n function collect(root) {\n for (const el of root.querySelectorAll('input,textarea,button,[contenteditable]')) {\n const rect = el.getBoundingClientRect();\n if (rect.width > 0 && rect.height > 0) // only visible\n res.push({ tag: el.tagName, name: el.name, id: el.id, text: el.textContent?.trim().slice(0,20) });\n }\n for (const n of root.querySelectorAll('*')) if (n.shadowRoot) collect(n.shadowRoot);\n }\n collect(document);\n return res;\n});\nconsole.log(els);\n\nCheck if login actually worked (don't trust URL)\n// Check via API/cookie — URL often stays the same after login\nconst me = await page.evaluate(async () => {\n const r = await fetch('/api/me.json', { credentials: 'include' });\n return (await r.json())?.data?.name;\n});\n// OR check for user-specific element\nconst loggedIn = await page.$('[data-user-logged-in]') !== null;\n\nCheck current IP\nawait page.goto('https://ifconfig.me/ip');\nconst ip = await page.textContent('body');\nconsole.log('Browser IP:', ip.trim()); // should be Romanian residential\n\nVerify stealth fingerprint\nconst fp = await page.evaluate(() => ({\n webdriver: navigator.webdriver,\n platform: navigator.platform,\n touchPoints: navigator.maxTouchPoints,\n languages: navigator.languages,\n vendor: navigator.vendor,\n}));\nconsole.log(fp);\n// webdriver: false ✅, platform: 'iPhone' ✅, touchPoints: 5 ✅\n\nCloudflare bypass patterns\n\nCloudflare checks these signals (in order of importance):\n\nIP reputation — residential = clean, datacenter = blocked\nTLS fingerprint (JA4) — Playwright Chromium has a known bad fingerprint\nnavigator.webdriver — true = instant block\nMouse entropy — no mouse events = bot\nCanvas fingerprint — static across sessions = flagged\nHTTP/2 fingerprint — Chrome vs Playwright differ\n// Best practice for Cloudflare-protected sites\nconst { page, humanScroll, sleep } = await launchHuman();\nawait page.goto('https://cf-protected.com', { waitUntil: 'networkidle', timeout: 30000 });\nawait sleep(2000); // let CF challenge resolve\nawait humanScroll(page); // mouse entropy\nawait sleep(1000);\n// Now the page is accessible\n\n\nIf still blocked:\n\nSwitch country: launchHuman({ country: 'us' }) — some sites block Romanian IPs specifically\nTry desktop mode: launchHuman({ mobile: false }) — some CF rules target mobile UAs\nAdd longer wait: await sleep(5000) after navigation before interacting\nSession persistence (save/restore cookies)\nconst fs = require('fs');\n\n// Save session\nconst cookies = await ctx.cookies();\nfs.writeFileSync('/tmp/session.json', JSON.stringify(cookies));\n\n// Restore session (next run — skip login)\nconst { browser } = await launchHuman();\nconst ctx = browser.contexts()[0]; // or create new context\nconst saved = JSON.parse(fs.readFileSync('/tmp/session.json'));\nawait ctx.addCookies(saved);\n// Now navigate — already logged in\n\nMulti-page scraping at scale\n// Respect rate limits — don't hammer sites\nasync function scrapeWithDelay(page, urls, delayMs = 2000) {\n const results = [];\n for (const url of urls) {\n await page.goto(url, { waitUntil: 'domcontentloaded' });\n await sleep(delayMs + Math.random() * 1000); // add jitter\n results.push(await page.textContent('body'));\n }\n return results;\n}\n\n// For high-volume: rotate sessions (new session = new IP)\nasync function newSession(country = 'ro') {\n const { browser, page } = await launchHuman({ country });\n return { browser, page };\n}\n\nProxy troubleshooting\n\nPort blocked by host:\n\n# Test if proxy port is reachable\ntimeout 5 bash -c 'cat < /dev/tcp/ro.decodo.com/13001' && echo \"PORT OPEN\" || echo \"PORT BLOCKED\"\n# If blocked, try alt port 10000 or 10001\n\n\nTest proxy with curl:\n\ncurl -sx \"http://USER:PASS@ro.decodo.com:13001\" https://ifconfig.me\ncurl -sx \"http://USER:PASS@ro.decodo.com:13001\" -X POST https://httpbin.org/post -d '{\"x\":1}'\n# Both should return a Romanian IP and 200 status\n\n\nCheck Bright Data zone status:\n\nPOST blocked = KYC required → brightdata.com/cp/kyc\n402 error = zone over quota or wrong zone name\nmcp_unlocker zone is DEAD (deleted) — use residential_proxy1_roma zone\n\nProvider-specific notes:\n\nDecodo: ro.decodo.com:13001 — Romania-specific endpoint, no country suffix in username\nBright Data: brd.superproxy.io:33335 — add -country-ro suffix + -session-ID for sticky sessions\nIPRoyal: add country/session to PASSWORD, not username: PASS_country-ro_session-X_lifetime-30m\nPlans & credentials\n\n🌐 https://humanbrowser.cloud — get credentials, manage subscription\n\nPlan\tPrice\tCountries\tBandwidth\nStarter\t$13.99/mo\t🇷🇴 Romania\t2GB\nPro\t$69.99/mo\t🌍 10+ countries\t20GB\nEnterprise\t$299/mo\t🌍 Dedicated\tUnlimited\n\nPayment: Stripe (card, Apple Pay) or Crypto (USDT TRC-20, BTC, ETH, SOL)." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/al1enjesus/human-browser", "publisherUrl": "https://clawhub.ai/al1enjesus/human-browser", "owner": "al1enjesus", "version": "4.0.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/human-browser", "downloadUrl": "https://openagent3.xyz/downloads/human-browser", "agentUrl": "https://openagent3.xyz/skills/human-browser/agent", "manifestUrl": "https://openagent3.xyz/skills/human-browser/agent.json", "briefUrl": "https://openagent3.xyz/skills/human-browser/agent.md" } }