๐ŸŽ Get the FREE AI Skills Starter Guide โ€” Subscribe โ†’
BytesAgainBytesAgain
๐Ÿฆ€ ClawHub

Token Efficient Web Operations en

by @tangjing

Operate web page elements via CDP and Page JS Extension, save 95% Token (for UI automation testing ONLY, NOT a web browsing tool)

Versionv1.0.1
Downloads577
TERMINAL
clawhub install page-js-operation-en

๐Ÿ“– About This Skill


name: page_js_operation description: Operate web page elements via CDP and Page JS Extension, save 95% Token (for UI automation testing ONLY, NOT a web browsing tool) tools: - cdp

Page JS CDP Web Operation Skill

โš ๏ธ Important Notice

This Skill is designed EXCLUSIVELY for browser automation testing scenarios.

This is NOT a tool for daily website browsing or general web access.

๐ŸŽฏ Purpose & Scope

โœ… Designed for:

  • Automation testing environments (CI/CD pipelines)
  • UI test script development and validation
  • Page function verification during development
  • Automated regression testing
  • Web scraping of PUBLIC information only
  • โŒ NOT Designed for:

  • โŒ Daily website browsing
  • โŒ Personal web automation assistant
  • โŒ Handling personal accounts or credentials
  • โŒ Automating personal workflows on websites
  • โŒ Any production use involving real user data
  • ๐Ÿ”’ Privacy Field Policy

    Strict Rules for Sensitive Fields (password, hidden, file):

    | Action | Allowed? | Condition | |--------|----------|-----------| | Read value | โŒ NEVER | Extension code skips these fields during collection | | Write value | โš ๏ธ User instruction ONLY | Requires EXPLICIT user command, never auto-collected |

    Technical Guarantee:

    // In collectAllElements() - sensitive fields are NEVER collected
    const sensitiveTypes = ['password', 'hidden', 'file'];
    if (element.tagName === 'INPUT' && sensitiveTypes.includes(element.type)) {
      return;  // Skipped - not indexed, not searchable
    }
    

    What this means:

  • Password/hidden/file fields cannot be discovered via searchElementsByKey()
  • They can only be operated via direct DOM commands with explicit user instruction
  • Example: document.querySelector('input[type="password"]').value = 'xxx' requires user-provided selector
  • The extension never proactively reads these fields
  • Dependencies

    This Skill must be used with the following components:

    1. Page JS Extension - Chrome Extension (manual installation required) - GitHub: https://github.com/TangJing/openclaw_access_web_page_js - Please download and review source code before installation - Installation: chrome://extensions/ โ†’ Developer mode โ†’ Load unpacked

    2. CDP Environment - Chrome DevTools Protocol access - Local: http://127.0.0.1:9222 - Or automation frameworks like Puppeteer/Playwright


    Workflow

    1. Check Extension โ†’ Verify ElementCollector is injected (first time only) 2. Get Element Index โ†’ Call exportData() to get element key list (non-sensitive) 3. AI Analysis โ†’ Identify target elements by keys (buttons, inputs, etc.) 4. Execute Operation โ†’ Perform click/input operations via CDP


    โš ๏ธ Security Restrictions

    Prohibited Page Types

    DO NOT use this Skill on:

  • ๐Ÿ”’ Banking/financial websites
  • ๐Ÿ”’ Login/registration pages (involving passwords)
  • ๐Ÿ”’ Payment pages
  • ๐Ÿ”’ Healthcare/medical websites
  • ๐Ÿ”’ Government/ID-related websites
  • ๐Ÿ”’ Any pages containing personal sensitive information
  • Prohibited Data Types

    DO NOT read or modify:

  • Password input fields (type="password")
  • Credit card number inputs
  • National ID number inputs
  • Other sensitive personal data fields
  • Recommended Operation Scenarios

    This Skill is suitable for:

  • โœ… Web operations with public information
  • โœ… Automation testing environments
  • โœ… Non-sensitive form filling (e.g., search boxes)
  • โœ… Button click operations
  • โœ… Dropdown selection operations

  • Operation Templates

    Check Extension Availability (First Launch)

    typeof ElementCollector !== 'undefined'
    // Returns true if extension is installed
    

    Get Page Element Index (Non-sensitive)

    ElementCollector.exportData()
    // Returns: { elements: [...keys], keywords: [...], elementCount: N }
    // Note: Only returns element key list, not actual DOM content
    

    Click Button

    const results = ElementCollector.searchElementsByKey('{button-keyword}');
    const element = Object.values(results)[0];
    if (element) element.click();
    

    Fill Regular Input (Non-sensitive)

    const inputs = ElementCollector.searchElementsByKey('{search-box/input}');
    const input = Object.values(inputs)[0];
    if (input) {
      input.value = '{value}';
      input.dispatchEvent(new Event('input', { bubbles: true }));
    }
    

    Select Dropdown Option

    const selects = ElementCollector.searchElementsByKey('{selector-keyword}');
    const select = Object.values(selects)[0];
    if (select) {
      select.value = '{option-value}';
      select.dispatchEvent(new Event('change', { bubbles: true }));
    }
    


    CDP Command Reference

    | Operation | CDP Runtime.evaluate Expression | |-----------|--------------------------------| | Check extension | typeof ElementCollector !== 'undefined' | | Get index | ElementCollector.exportData() | | Click | ElementCollector.searchElementsByKey('btn')[0].click() | | Fill | ElementCollector.searchElementsByKey('input')[0].value = 'text' | | Select | ElementCollector.searchElementsByKey('select')[0].value = 'option' |


    Common Keywords

    | Operation | Recommended Keywords | |-----------|---------------------| | Search | 'ๆœ็ดข', 'search' | | Submit | 'ๆไบค', 'submit' | | Cancel | 'ๅ–ๆถˆ', 'cancel' | | Confirm | '็กฎๅฎš', 'confirm' | | Delete | 'ๅˆ ้™ค', 'delete' | | Edit | '็ผ–่พ‘', 'edit' | | Save | 'ไฟๅญ˜', 'save' |


    โš ๏ธ Privacy & Data Flow

    Data Flow

    Browser DOM โ†’ ElementCollector (Memory Index) โ†’ CDP โ†’ Local AI Agent
                         โ†‘
                  (Key list only, no sensitive content)
    

    Privacy Notice

    1. Extension Level: - โœ… Page JS Extension runs entirely in browser locally - โœ… Does not proactively send data to external servers - โœ… Data stored in memory, cleared when page closes

    2. Agent Level: - โš ๏ธ AI Agent may send element data to LLM services - โš ๏ธ Element keys may contain page text content (button labels, input labels) - โš ๏ธ Ensure your AI Agent configuration meets privacy requirements

    3. User Responsibility: - โš ๏ธ Users must review extension source code themselves - โš ๏ธ Users must ensure AI Agent won't send sensitive data to untrusted services - โš ๏ธ Users must avoid using this Skill on sensitive pages

    Data Scope

    | Data Type | Collected | Operable | Description | |-----------|-----------|----------|-------------| | Element id | โœ… Yes | - | For indexing | | Element class | โœ… Yes | - | For indexing | | Element title | โœ… Yes | - | For indexing | | Element innerText | โœ… Yes | - | For indexing (max 100 chars) | | Regular inputs | โœ… Yes | โœ… Read/Write | Searchable, fillable, readable | | Password fields | โŒ Not collected | โš ๏ธ Write via explicit user command ONLY | Never indexed, never readable, can only write with explicit user DOM command | | Hidden fields | โŒ Not collected | โš ๏ธ Write via explicit user command ONLY | Never indexed, never readable, can only write with explicit user DOM command | | File uploads | โŒ Not collected | โš ๏ธ Write via explicit user command ONLY | Never indexed, never readable, can only write with explicit user DOM command | | Cookie/Storage | โŒ No | โŒ Inaccessible | Extension has no such permission |

    Key Points:

    1. Sensitive fields are NEVER collected - They don't appear in exportData() results 2. Sensitive fields are NEVER readable - No API exists to read their values 3. Writing requires explicit user command - User must provide exact DOM selector 4. This extension does NOT auto-fill sensitive fields - No credential handling

    Technical Implementation:

    // Automatically skip sensitive fields in collectAllElements()
    const sensitiveTypes = ['password', 'hidden', 'file'];
    if (element.tagName === 'INPUT' && sensitiveTypes.includes(element.type)) {
      return;  // Not collected to index, cannot search via searchElementsByKey
    }
    

    Note: Sensitive fields are not indexed but can still be operated via native DOM API with explicit user command (e.g., document.querySelector('input[type="password"]').value = 'xxx'). This extension does not proactively read values from these fields.


    Installation Steps

    Step 1: Install Page JS Extension

    # 1. Download source code
    git clone https://github.com/TangJing/openclaw_access_web_page_js.git
    cd openclaw_access_web_page_js

    2. Review source code (recommended)

    Check for:

    - Network request code

    - Data exfiltration logic

    - manifest.json permissions

    3. Install extension

    Open chrome://extensions/

    Enable "Developer mode"

    Click "Load unpacked", select project directory

    Step 2: Install OpenClaw Skill

    # 1. Create Skill directory
    mkdir -p ~/.openclaw/workspace/skills/page-js-operation

    2. Save this SKILL.md to the directory

    Path: ~/.openclaw/workspace/skills/page-js-operation/SKILL.md

    3. Refresh Skills

    openclaw agent --message "refresh skills"


    Usage Examples

    Safe Scenario: Search Operation

    # On search engine page
    openclaw agent --message "use page_js_operation to fill search box with 'keyword'"
    openclaw agent --message "use page_js_operation to click search button"
    

    Safe Scenario: Navigation Operation

    # On content page
    openclaw agent --message "use page_js_operation to click next page button"
    openclaw agent --message "use page_js_operation to select category from dropdown"
    

    โŒ Prohibited Scenario: Login Operation

    # DO NOT use on login pages
    

    openclaw agent --message "fill username and password and click login"

    Reason: Involves password fields


    Security Best Practices

    1. Use Dedicated Browser Profile - Create separate Chrome user profile for automation testing - Do not save any real account credentials in test profile

    2. Limit Accessible Domains - Restrict accessible domains in extension settings - Only allow test environments or public websites

    3. User Confirmation Mechanism - Require user confirmation before sensitive operations - E.g., form submissions, deletions

    4. Regular Review - Periodically review extension code for updates - Check Skill execution logs


    Technical Notes

    ElementCollector Working Principle

    // Collection phase
    elementMap = Map  // key โ†’ DOM reference
    keywordMap = Map>  // keyword โ†’ key set

    // key format: id|class|title|innerText // Example: "login-btn|btn primary||Login"

    Why Token Savings

  • Traditional: Send complete HTML (5000-20000 tokens)
  • This Extension: Send element key list only (100-500 tokens)
  • Savings: ~95%+

  • Disclaimer

    By using this Skill, you agree:

    1. You have reviewed and trust the Page JS Extension source code 2. You understand this Skill is for automation testing ONLY, NOT for daily web browsing 3. You understand AI Agent may send element data to LLM services 4. You will not use this Skill on pages involving sensitive information 5. You understand sensitive fields (password/hidden/file) are NEVER collected or readable 6. You understand writing to sensitive fields requires explicit user command 7. You assume all risks of using this Skill 8. The Skill author is not liable for any data breaches or losses

    Intended Use: This Skill is designed exclusively for automated UI testing in development and CI/CD environments. It is NOT a general-purpose web automation tool for personal use.


    Links

  • GitHub Repository
  • Chrome Extension Documentation
  • Chrome DevTools Protocol