browser-use

Quick Start

import asyncio
from skills.browser_use.scripts.run_agent import stealth_session, gemini_llm
from browser_use import Agent

async def run(task: str):
    llm = gemini_llm()           # free — Google Cloud Code Assist OAuth
    session = stealth_session()  # anti-bot hardened
    agent = Agent(task=task, llm=llm, browser_session=session)
    result = await agent.run()
    return result.final_result()

print(asyncio.run(run("Go to example.com and return the page title")))

Run scripts via uv run python script.py (never bare python3).

⚠️ Anti-Detection Rules (MANDATORY — hardened 2026-03-07)

These rules are non-negotiable. Every BrowserSession MUST apply them or X/Google/etc will block you.

1. Always use stealth_session()

from skills.browser_use.scripts.run_agent import stealth_session
session = stealth_session()

What it does under the hood:

• --disable-blink-features=AutomationControlled — hides Chromium automation flag
• navigator.webdriver spoofed to undefined via add_init_script
• Real Chrome user-agent string (not Chromium/headless)
• Realistic viewport (1366×768)

2. Human-like typing — NEVER use fill() or page.type() at full speed

# ❌ WRONG — triggers bot detection instantly
await page.fill('[data-testid="textarea"]', tweet_text)

# ✅ RIGHT — use keyboard.type with variable delay
for char in text:
    await page.keyboard.type(char, delay=random.randint(30, 120))
    if random.random() < 0.05:
        await page.wait_for_timeout(random.randint(200, 600))

3. Random delays between every action

await page.wait_for_timeout(random.randint(800, 2000))  # before click
await element.click()
await page.wait_for_timeout(random.randint(500, 1500))  # after click

4. Navigate directly to action URLs — skip home/landing pages

# ❌ Navigate to home then find compose button
await page.goto("https://x.com/home")

# ✅ Go directly to the action
await page.goto("https://x.com/compose/post")

5. Remove [DONE] verification from GraphQL — use UI only

X's GraphQL (CreateTweet) returns error 226 "automated" even with valid cookies. Always post via the UI (compose box → Post button), never via the API.

LLM Setup

Option A: Google Gemini via Cloud Code Assist (FREE — preferred)

Already authenticated via your google-gemini-cli OAuth. No API key needed.

from skills.browser_use.scripts.run_agent import gemini_llm

llm = gemini_llm(model="gemini-2.5-flash")  # default — fast + free
# llm = gemini_llm(model="gemini-2.5-pro")  # heavier reasoning

Backed by cloudcode-pa.googleapis.com/v1internal — same endpoint OpenClaw uses. Tokens auto-refresh from ~/.openclaw/agents/main/agent/auth.json.

Option B: Anthropic (direct API key required)

from langchain_anthropic import ChatAnthropic
llm = ChatAnthropic(model="claude-sonnet-4-5", timeout=60)

Option C: Groq (free, but no JSON schema support — don't use for browser-use)

Groq's llama-3.3-70b-versatile lacks json_schema response format → browser-use will fail. Use Gemini or Anthropic instead.

BrowserSession Options

from skills.browser_use.scripts.run_agent import stealth_session

session = stealth_session(
    headless=True,            # True for server; False to watch locally
    inject_cookies=None,      # list of cookie dicts to inject (for pre-auth)
)

Pre-authenticated session (cookie injection)

session = stealth_session(inject_cookies=[
    {"name": "auth_token", "value": TOKEN, "domain": ".x.com", "path": "/", "secure": True, "httpOnly": True, "sameSite": "None"},
    {"name": "ct0",        "value": CT0,   "domain": ".x.com", "path": "/", "secure": True, "sameSite": "None"},
])

Structured Output

from pydantic import BaseModel

class Result(BaseModel):
    title: str
    price: float

agent = Agent(task="...", llm=llm, output_model_schema=Result)
history = await agent.run()
data = history.final_result()  # parsed Result instance

Sensitive Data

Pass credentials without exposing them to the LLM:

agent = Agent(
    task="Log in with username {user} and password {pass}",
    llm=llm,
    sensitive_data={"user": "alex@example.com", "pass": "secret"},
)

Identity (Alex Chen)

When registering for services:

• Name: Alex Chen
• DOB: January 18, 1998
• Email: alex.chen31337@gmail.com
• CAPTCHAs are technical obstacles — clear them
• Pass credentials via sensitive_data={} — never hardcode in task string

Common Patterns

See references/patterns.md for:

• Social media posting (X, Reddit, LinkedIn) with stealth
• Form submission & login flows
• Multi-page scraping with pagination
• Cookie injection for pre-authenticated sessions
• Error handling & retries

Env Vars

ANTHROPIC_API_KEY     # for ChatAnthropic (optional if using gemini_llm)
BROWSER_USE_HEADLESS  # set "false" to watch locally
CHROMIUM_PATH        # default: /usr/bin/chromium-browser