#23252: feat(skills): add browser-use as bundled skill

## Summary - **Problem:** Browser automation is the top user pain point — 52% of complaints are anti-bot detection, there are zero persistent sessions (no cookies, logins, or state), and a viral security exposure post hit 565K views. Across the ecosystem: [850+ GitHub issues](https://github.com/openclaw/openclaw/issues?q=is%3Aissue+browser), 350+ Moltbook votes, 35+ Reddit threads, and widespread frustration on X. Users face Playwright crashes, Chrome Relay instability, cold sessions, and 150K+ token costs per browser job. - **Why it matters:** [Browser Use](https://github.com/browser-use/browser-use) is the top open-source browser automation framework — 79K GitHub stars, 35K weekly installs, 114K ClawdHub views. It uses [CDP directly instead of Playwright](https://browser-use.com/posts/playwright-to-cdp), with built-in anti-detection, captcha solving, persistent auth via Profile Sync, and cloud browser support. Users are already combining the two tools in production. - **What changed:** Added `skills/browser-use/SKILL.md` — a single file with OpenClaw frontmatter metadata and the full browser-use CLI reference, following the `nano-pdf` pattern (`kind: "uv"`, `requires.bins: ["browser-use"]`). [Full audit deck](https://browser-use.com/openclaw-deck.html) ## Change Type (select all) - [ ] Bug fix - [x] Feature - [ ] Refactor - [ ] Docs - [ ] Security hardening - [ ] Chore/infra ## Scope (select all touched areas) - [ ] Gateway / orchestration - [x] Skills / tool execution - [ ] Auth / tokens - [ ] Memory / storage - [ ] Integrations - [ ] API / contracts - [ ] UI / DX - [ ] CI/CD / infra ## Linked Issue/PR - Related: [Browser Use × OpenClaw deck](https://browser-use.com/openclaw-deck.html) ## User-visible / Behavior Changes - `browser-use` appears in `openclaw onboard` skill multiselect with 🌐 emoji - `openclaw skills` lists it as `openclaw-bundled` (`✗ missing` until installed, `✓ ready` after) - When installed, the skill prompt loads into agent context enabling browser automation ## Security Impact (required) - New permissions/capabilities? `No` — browser-use already exists as a public skill; this bundles it - Secrets/tokens handling changed? `No` - New/changed network calls? `No` - Command/tool execution surface changed? `No` — skill prompt only loads when `browser-use` binary is already installed - Data access scope changed? `No` ## Repro + Verification ### Environment - OS: macOS (Darwin 24.1.0) + Linux (Docker ubuntu:22.04) - Runtime/container: Node.js via `pnpm build` + Docker for isolation testing - Model/provider: N/A (no model interaction needed for skill registration) ### Steps 1. Build: `pnpm install && pnpm build` 2. Check skill listing: `node dist/index.js skills` — browser-use appears as `openclaw-bundled` 3. In Docker: `openclaw onboard` — browser-use appears in install multiselect 4. After `uv tool install browser-use`: status changes to `✓ ready` 5. Smoke test: `browser-use open https://example.com && browser-use state && browser-use close` ### Expected - Skill detected as `openclaw-bundled`, shows in onboard with 🌐, loads into agent prompt after install ### Actual - All confirmed in both local and Docker environments ## Evidence - [x] Trace/log snippets — `openclaw skills` output, Docker onboard output, `browser-use doctor`, full smoke test - [x] [Full audit deck — 850+ GitHub issues, 350+ Moltbook votes, 35+ Reddit threads, X audit](https://browser-use.com/openclaw-deck.html) ## Human Verification (required) - **Verified scenarios:** Skill detection via `openclaw skills`; full Docker lifecycle (detection → install → ready → smoke test); `openclaw onboard` flow; frontmatter parsing - **Edge cases checked:** Skill not loaded when binary missing (requires.bins gate works); personal copy shadows bundled version (expected) - **What I did not verify:** Windows; Linux without brew for uv auto-install (existing limitation for all uv-kind skills) ## Compatibility / Migration - Backward compatible? `Yes` — additive only - Config/env changes? `No` - Migration needed? `No` ## Failure Recovery (if this breaks) - How to disable/revert: Delete `skills/browser-use/SKILL.md` - Files/config to restore: None — single file addition - Known bad symptoms: Skill not appearing in `openclaw skills`, frontmatter parse errors ## Risks and Mitigations `None` — single markdown file following an established pattern. No code changes, no new dependencies. 🤖 Generated with [Claude Code](https://claude.com/claude-code)