Loading...
Loading...
Use kuri-agent to automate Chrome — navigate pages, interact with elements via a11y refs, capture screenshots, run security audits, enumerate cookies/JWTs, probe for IDOR vulnerabilities, and make authenticated fetches. Use when the user wants to automate a browser, test a web app, scrape data, or run security trajectories against a live site.
npx skill4agent add unbrowse-ai/unbrowse kuri-agentkuri-agent~/.kuri/session.json./zig-out/bin/kuri-agentkuri-agentzig build agent -Doptimize=ReleaseFast# 1. Find a Chrome tab
kuri-agent tabs
# → [{"id":"ABC...","url":"https://...","ws":"ws://127.0.0.1:9222/devtools/page/ABC..."}]
# 2. Attach to a tab
kuri-agent use ws://127.0.0.1:9222/devtools/page/ABC...
# 3. Navigate + interact
kuri-agent go https://example.com
kuri-agent snap --interactive # get clickable elements as @eN refs
kuri-agent click e2
kuri-agent type e3 "hello world"
kuri-agent shot # screenshot → ~/.kuri/screenshots/<ts>.pngkuri-agent tabs [--port N] # list Chrome tabs (default port 9222)
kuri-agent use <ws_url> # attach to tab, save session
kuri-agent status # show current sessionkuri-agent go <url>
kuri-agent back / forward / reloadkuri-agent snap # full a11y snapshot (JSON with @eN refs)
kuri-agent snap --interactive # only interactive elements
kuri-agent snap --text # plain text output
kuri-agent snap --depth 3 # limit tree depth
kuri-agent text # get all page text
kuri-agent text "css-selector" # get text of a specific element
kuri-agent eval "document.title" # run JavaScript
kuri-agent shot [--out path.png] # take screenshotkuri-agent click <ref> # ref is @e3 or e3
kuri-agent type <ref> <text>
kuri-agent fill <ref> <value>
kuri-agent select <ref> <value>
kuri-agent hover <ref>
kuri-agent focus <ref>
kuri-agent scrollkuri-agent cookies # list cookies with [Secure] [HttpOnly] [SameSite] flags
kuri-agent headers # check security response headers (CSP, HSTS, X-Frame-Options)
kuri-agent audit # full audit: HTTPS + headers + JS-visible cookies, outputs score/issues
kuri-agent storage [local|session|all] # dump localStorage / sessionStorage
kuri-agent jwt # scan storage+cookies for JWTs, decode and print payloads
kuri-agent fetch <METHOD> <url> [--data <json>] # authenticated fetch using session cookies + headers
kuri-agent probe <url-template> <start> <end> # IDOR probe: replaces {id} with start..endkuri-agent set-header Authorization "Bearer eyJ..."
kuri-agent set-header X-Custom-Auth "my-token"
kuri-agent show-headers # print stored headers
kuri-agent clear-headers # remove all stored headerskuri-agent go https://target.example.com
kuri-agent cookies
# cookies (2):
# session_id domain=.example.com [Secure] [HttpOnly] [SameSite=Strict]
# csrf_token domain=.example.com [Secure] [!HttpOnly]kuri-agent audit
# → {"protocol":"https:","score":4,"issues":["MISSING:content-security-policy","COOKIES_EXPOSED_TO_JS:2"]}kuri-agent jwt
# → {"found":1,"tokens":[{"source":"localStorage:token","payload":{"sub":"123","role":"student"}}]}kuri-agent set-header Authorization "Bearer eyJ..."
kuri-agent probe "https://api.example.com/v2/courses/{id}/assessments" 30 40
# → [{"id":30,"status":403},{"id":34,"status":200},{"id":35,"status":403}]kuri-agent fetch GET "https://api.example.com/v2/user"
kuri-agent fetch POST "https://api.example.com/v2/submissions" --data '{"score":100}'kuri-agent audit | jq '.result.result.value | fromjson'
kuri-agent headers | jq '.result.result.value | fromjson | .headers'