{ "schemaVersion": "1.0", "item": { "slug": "online-shopping", "name": "Online Shopping", "source": "tencent", "type": "skill", "category": "通讯协作", "sourceUrl": "https://clawhub.ai/filipmartinsson/online-shopping", "canonicalUrl": "https://clawhub.ai/filipmartinsson/online-shopping", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/online-shopping", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=online-shopping", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md", "references/preferences-template.md", "references/setup.md", "references/sites-template.md", "references/sites.md", "scripts/browse.mjs" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/online-shopping" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/online-shopping", "agentPageUrl": "https://openagent3.xyz/skills/online-shopping/agent", "manifestUrl": "https://openagent3.xyz/skills/online-shopping/agent.json", "briefUrl": "https://openagent3.xyz/skills/online-shopping/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Overview", "body": "Search for products, compare options, and complete purchases on online stores — even those protected by Cloudflare. Uses Patchright (stealth Playwright) to avoid bot detection." }, { "title": "First-Time Setup", "body": "Run the setup script to install all dependencies:\n\nbash /scripts/setup.sh\n\nThis installs xvfb, Patchright, and Chromium, then verifies everything works. See references/setup.md for manual steps or troubleshooting." }, { "title": "Workflow", "body": "Understand the request — product type, specs, size, brand preference, budget\nBrowse the store — use stealth browser script to search and extract product listings\nRecommend — present options with price, availability, ratings. Give a clear recommendation.\nConfirm — get explicit approval before adding to cart\nCheckout — fill shipping/contact details, select delivery and payment\nStop before paying — always confirm with the user before completing a purchase" }, { "title": "Using the Stealth Browser", "body": "All browsing goes through Patchright scripts executed with xvfb-run. Do NOT use OpenClaw's built-in browser tool for Cloudflare-protected sites — it connects via CDP which leaks Runtime.enable calls that Cloudflare detects." }, { "title": "Quick browse (bundled script)", "body": "xvfb-run --auto-servernum node /scripts/browse.mjs \"\" --screenshot /tmp/page.png --text" }, { "title": "Custom scripts", "body": "Write .mjs scripts in /tmp/ for multi-step flows. Auto-detect Patchright path:\n\nimport { createRequire } from 'module';\nimport { execSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\n\nfunction findPatchright() {\n const root = execSync('npm root -g 2>/dev/null').toString().trim();\n const candidates = [\n root + '/openclaw/node_modules/patchright',\n process.env.HOME + '/.npm-global/lib/node_modules/openclaw/node_modules/patchright',\n root + '/patchright',\n ];\n for (const p of candidates) {\n try { if (existsSync(p)) return p; } catch {}\n }\n throw new Error('Patchright not found. Run setup.sh first.');\n}\n\nconst require = createRequire(import.meta.url);\nconst { chromium } = require(findPatchright());\n\nconst browser = await chromium.launchPersistentContext('/tmp/patchright-ctx', {\n headless: false, // REQUIRED — Cloudflare detects headless\n viewport: null, // REQUIRED — use real viewport, not default 800x600\n args: ['--no-sandbox', '--disable-gpu'],\n});\n\nconst page = browser.pages()[0] || await browser.newPage();\n// ... your automation here ...\nawait browser.close();\n\nExecute with: xvfb-run --auto-servernum node /tmp/my-script.mjs" }, { "title": "Critical best practices (from Patchright docs)", "body": "These are essential for avoiding bot detection:\n\nheadless: false — always. Cloudflare fingerprints headless mode. Use xvfb for servers without a display.\nviewport: null — let the browser use its natural viewport. Custom viewports are a detection signal.\nDo NOT set custom userAgent or HTTP headers — fingerprint injection makes you more detectable, not less.\nUse persistent context (launchPersistentContext) — retains cookies, localStorage, and session state between runs. Also more closely resembles real browser behavior.\nPrefer Google Chrome over Chromium where available (x86_64: npx patchright install chrome, then channel: \"chrome\"). Chromium has subtle fingerprint differences. ARM64 only supports Chromium.\nDo NOT use connectOverCDP() — connecting via raw CDP bypasses Patchright's patches. Always use chromium.launch() or chromium.launchPersistentContext()." }, { "title": "Why Patchright works where Playwright doesn't", "body": "Patchright patches three key detection vectors:\n\nRuntime.enable leak — Playwright uses Runtime.enable CDP call which sites detect. Patchright executes JS in isolated execution contexts instead.\nCommand flag leaks — Removes --enable-automation, adds --disable-blink-features=AutomationControlled.\nConsole.enable leak — Disables console API to avoid detection (console.log won't work in page context)." }, { "title": "Script workflow for shopping", "body": "Search script — navigate to store, search for product, extract listings as text\nProduct script — click into a product page, get details\nCart script — add to cart, navigate to checkout\nCheckout script — dump form fields with page.evaluate(), fill details, select shipping/payment\nScreenshot — always screenshot before completing purchase for user confirmation\n\nWrite each step as a separate .mjs script in /tmp/. Persistent context means the cart and session carry over between scripts." }, { "title": "Debugging tips", "body": "Use page.screenshot() liberally to see what the page looks like\nUse page.evaluate(() => document.body.innerText) to dump page text\nDump form fields with page.evaluate(() => { ... querySelectorAll('input') ... }) before filling\nSome fields may be read-only (auto-filled from other fields) — check before trying to fill\nUse page.waitForTimeout() generously — sites need time to load/render\nClose cookie banners early — they can block interactions" }, { "title": "User Details & Preferences", "body": "Check references/preferences.md for saved shopping data (addresses, payment methods, delivery preferences, order history). If it doesn't exist yet, copy references/preferences-template.md to references/preferences.md and fill it in.\n\nFall back to USER.md for basic contact/address info.\n\nWhen checkout requires info not on file, ask the user. After a successful order, update references/preferences.md with:\n\nAny new address or delivery preference\nThe order in the history table\n\nNever store card numbers or sensitive payment credentials. Only store method names (e.g. \"Swish\", \"PayPal\", \"Visa ending 4321\")." }, { "title": "Safety", "body": "Never complete a purchase without explicit user confirmation\nShow the cart summary, total price, and shipping cost before final step\nScreenshot the checkout page and describe it to the user\nIf something looks wrong (wrong product, unexpected charges), stop and ask" }, { "title": "Site-Specific Notes", "body": "See references/sites.md for store-specific quirks and tips. If the file doesn't exist yet, copy references/sites-template.md to get started." } ], "body": "Online Shopping\nOverview\n\nSearch for products, compare options, and complete purchases on online stores — even those protected by Cloudflare. Uses Patchright (stealth Playwright) to avoid bot detection.\n\nFirst-Time Setup\n\nRun the setup script to install all dependencies:\n\nbash /scripts/setup.sh\n\n\nThis installs xvfb, Patchright, and Chromium, then verifies everything works. See references/setup.md for manual steps or troubleshooting.\n\nWorkflow\nUnderstand the request — product type, specs, size, brand preference, budget\nBrowse the store — use stealth browser script to search and extract product listings\nRecommend — present options with price, availability, ratings. Give a clear recommendation.\nConfirm — get explicit approval before adding to cart\nCheckout — fill shipping/contact details, select delivery and payment\nStop before paying — always confirm with the user before completing a purchase\nUsing the Stealth Browser\n\nAll browsing goes through Patchright scripts executed with xvfb-run. Do NOT use OpenClaw's built-in browser tool for Cloudflare-protected sites — it connects via CDP which leaks Runtime.enable calls that Cloudflare detects.\n\nQuick browse (bundled script)\nxvfb-run --auto-servernum node /scripts/browse.mjs \"\" --screenshot /tmp/page.png --text\n\nCustom scripts\n\nWrite .mjs scripts in /tmp/ for multi-step flows. Auto-detect Patchright path:\n\nimport { createRequire } from 'module';\nimport { execSync } from 'node:child_process';\nimport { existsSync } from 'node:fs';\n\nfunction findPatchright() {\n const root = execSync('npm root -g 2>/dev/null').toString().trim();\n const candidates = [\n root + '/openclaw/node_modules/patchright',\n process.env.HOME + '/.npm-global/lib/node_modules/openclaw/node_modules/patchright',\n root + '/patchright',\n ];\n for (const p of candidates) {\n try { if (existsSync(p)) return p; } catch {}\n }\n throw new Error('Patchright not found. Run setup.sh first.');\n}\n\nconst require = createRequire(import.meta.url);\nconst { chromium } = require(findPatchright());\n\nconst browser = await chromium.launchPersistentContext('/tmp/patchright-ctx', {\n headless: false, // REQUIRED — Cloudflare detects headless\n viewport: null, // REQUIRED — use real viewport, not default 800x600\n args: ['--no-sandbox', '--disable-gpu'],\n});\n\nconst page = browser.pages()[0] || await browser.newPage();\n// ... your automation here ...\nawait browser.close();\n\n\nExecute with: xvfb-run --auto-servernum node /tmp/my-script.mjs\n\nCritical best practices (from Patchright docs)\n\nThese are essential for avoiding bot detection:\n\nheadless: false — always. Cloudflare fingerprints headless mode. Use xvfb for servers without a display.\nviewport: null — let the browser use its natural viewport. Custom viewports are a detection signal.\nDo NOT set custom userAgent or HTTP headers — fingerprint injection makes you more detectable, not less.\nUse persistent context (launchPersistentContext) — retains cookies, localStorage, and session state between runs. Also more closely resembles real browser behavior.\nPrefer Google Chrome over Chromium where available (x86_64: npx patchright install chrome, then channel: \"chrome\"). Chromium has subtle fingerprint differences. ARM64 only supports Chromium.\nDo NOT use connectOverCDP() — connecting via raw CDP bypasses Patchright's patches. Always use chromium.launch() or chromium.launchPersistentContext().\nWhy Patchright works where Playwright doesn't\n\nPatchright patches three key detection vectors:\n\nRuntime.enable leak — Playwright uses Runtime.enable CDP call which sites detect. Patchright executes JS in isolated execution contexts instead.\nCommand flag leaks — Removes --enable-automation, adds --disable-blink-features=AutomationControlled.\nConsole.enable leak — Disables console API to avoid detection (console.log won't work in page context).\nScript workflow for shopping\nSearch script — navigate to store, search for product, extract listings as text\nProduct script — click into a product page, get details\nCart script — add to cart, navigate to checkout\nCheckout script — dump form fields with page.evaluate(), fill details, select shipping/payment\nScreenshot — always screenshot before completing purchase for user confirmation\n\nWrite each step as a separate .mjs script in /tmp/. Persistent context means the cart and session carry over between scripts.\n\nDebugging tips\nUse page.screenshot() liberally to see what the page looks like\nUse page.evaluate(() => document.body.innerText) to dump page text\nDump form fields with page.evaluate(() => { ... querySelectorAll('input') ... }) before filling\nSome fields may be read-only (auto-filled from other fields) — check before trying to fill\nUse page.waitForTimeout() generously — sites need time to load/render\nClose cookie banners early — they can block interactions\nUser Details & Preferences\n\nCheck references/preferences.md for saved shopping data (addresses, payment methods, delivery preferences, order history). If it doesn't exist yet, copy references/preferences-template.md to references/preferences.md and fill it in.\n\nFall back to USER.md for basic contact/address info.\n\nWhen checkout requires info not on file, ask the user. After a successful order, update references/preferences.md with:\n\nAny new address or delivery preference\nThe order in the history table\n\nNever store card numbers or sensitive payment credentials. Only store method names (e.g. \"Swish\", \"PayPal\", \"Visa ending 4321\").\n\nSafety\nNever complete a purchase without explicit user confirmation\nShow the cart summary, total price, and shipping cost before final step\nScreenshot the checkout page and describe it to the user\nIf something looks wrong (wrong product, unexpected charges), stop and ask\nSite-Specific Notes\n\nSee references/sites.md for store-specific quirks and tips. If the file doesn't exist yet, copy references/sites-template.md to get started." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/filipmartinsson/online-shopping", "publisherUrl": "https://clawhub.ai/filipmartinsson/online-shopping", "owner": "filipmartinsson", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/online-shopping", "downloadUrl": "https://openagent3.xyz/downloads/online-shopping", "agentUrl": "https://openagent3.xyz/skills/online-shopping/agent", "manifestUrl": "https://openagent3.xyz/skills/online-shopping/agent.json", "briefUrl": "https://openagent3.xyz/skills/online-shopping/agent.md" } }