Browser Auth
This skill allows the agent to request the user to perform a manual login on a website and then capture the session cookies/localStorage for further automated work.
🚨 Security & Risk Mitigation
We take security seriously. Below is how we address common concerns related to remote browser control:
1. Remote Code Execution (RCE) Protection
- Always Sandboxed: Chromium runs with the system sandbox ENABLED. There is no option to disable it in the code. This prevents a malicious website from escaping the browser and executing code on your host.
- Isolation Recommendation: We recommend running this skill within an isolated container (Docker) or a dedicated VM for an extra layer of protection.
2. Token Leakage (Referrer Protection)
- Referrer Policy: The server enforces Referrer-Policy: no-referrer. This ensures that even if you navigate to an untrusted site, your secret AUTH_TOKEN is NEVER sent in the HTTP Referer header.
- URL Cleansing: The interface automatically clears the token parameter from your browser's address bar immediately after the page loads.
3. Data Sensitivity
- Session Artifacts: The session.json file contains active login cookies. Treat it with the same level of security as a password.
- Mandatory Cleanup: Always delete the session file immediately after the agent finishes its task.
- No Persistence: This skill does not store credentials long-term or exfiltrate them to external servers.
4. Network Exposure
- Default Local Bind: By default, the server binds to 127.0.0.1.
- Secure Access: If you need remote access, do not bind to 0.0.0.0 directly. Instead, use a secure tunnel such as Tailscale, Cloudflare Tunnel (cloudflared), or an SSH tunnel.
When to Use
- When a website requires manual interaction to solve a Captcha or 2FA.
- When bot detection prevents automated login.
- When you want to authorize an agent without sharing your password.
Workflow
1. Request Auth: Start the tunnel using scripts/auth_server.js.
2. Provide Link: Share the link (including the token) with the intended user over a secure channel.
3. Wait for Session: The user logs in and clicks DONE in the web UI.
4. Verify: Use scripts/verify_session.js to confirm the session is valid.
5. Cleanup: Delete the session file once the task is complete.
Tools
Start Auth Server
```bash
AUTH_HOST=127.0.0.1 AUTH_TOKEN=mysecret node scripts/auth_server.js <port> <session-file>
```
Verify Session
```bash
node scripts/verify_session.js <session-file> <target-url> <expected-text>
```
Runtime Requirements
Requires: express, socket.io, playwright-core, and a system chromium-browser.