catalan-adobe/browser-probe
skills/browser-probe/SKILL.md
Probe a URL with escalating headless browser configurations to detect CDN bot protection (Akamai, Cloudflare, DataDome, AWS WAF) and produce a browser-recipe.json that downstream playwright-cli consumers use to bypass blocking. Runs an automated escalation ladder: default headless → stealth script injection → system Chrome (TLS fingerprint fix) → persistent profile. Use BEFORE any playwright-cli interaction with an untrusted domain. Triggers on: browser probe, site blocked, headless blocked, CDN blocking, bot detection, browser recipe, can't load page, 403 error page, access denied.
tools
Updated Apr 25, 2026
$ install --global
skillsauthnpx skillsauth add catalan-adobe/skills browser-probeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 25, 2026, 5:17 PM136.3s4 files scanned
SKILL.md
- name:
- browser-probe
- description:
- >-
- blocking. Runs an automated escalation ladder:
- default headless → stealth
- on:
- browser probe, site blocked, headless blocked, CDN blocking, bot
Browser Probe
Detect CDN bot protection blocking headless Chrome and produce a browser recipe
for downstream playwright-cli consumers. Node 22+ required. No npm
dependencies.
When to Use
Run this skill before any playwright-cli interaction with a domain you
haven't tested, or when a downstream script reports a blocked page. Common
triggers:
- First interaction with a new domain
capture-snapshot.jsproduces empty/error snapshots- Page title contains "error", "denied", "blocked", "captcha"
- HTTP 403 responses from headless browser
Script Location
if [[ -n "${CLAUDE_SKILL_DIR:-}" ]]; then
PROBE_DIR="${CLAUDE_SKILL_DIR}/scripts"
else
PROBE_DIR="$(dirname "$(command -v browser-probe.js 2>/dev/null || \
find ~/.claude -path "*/browser-probe/scripts/browser-probe.js" \
-type f 2>/dev/null | head -1)")"
fi
Workflow
Step 1 — Run the probe
node "$PROBE_DIR/browser-probe.js" "$URL" "$OUTPUT_DIR"
The script tries up to 5 browser configurations, stopping at the first success:
- default — headless Chromium (baseline)
- stealth — headless Chromium + JS stealth init script (patches
navigator.webdriver, plugins, languages) - stealth-ua — headless Chromium + JS stealth + User-Agent override (removes
HeadlessChromefrom HTTP UA header via--user-agentlaunch arg) - chrome — system Chrome (
--browser=chrome) + JS stealth + UA override (fixes TLS fingerprint detection) - persistent — system Chrome + JS stealth + UA override + persistent profile (cookie/session challenges)
Output: $OUTPUT_DIR/probe-report.json
Step 2 — Read the report
Load probe-report.json. Check firstSuccess:
- If non-null: a configuration worked. Proceed to Step 3.
- If null: all configurations failed. Skip to Step 5.
Step 3 — Interpret results
Load stealth-config.md and match the
detectedSignals array against the Provider Signature Table.
Key interpretation rules:
cloudfront-blockorstealthfails butstealth-uasucceeds → CloudFront WAF UA-based blocking (matchesHeadlessChromein HTTP User-Agent header). Common on pharma/enterprise sites. Simple fix, no TLS concerns.stealth-uais the minimum working config.cloudfrontwithoutcloudfront-block→ CloudFront present but not actively blocking. Default config may work.akamai-serverorakamai-bot-manager→ TLS fingerprint blocking. System Chrome is the fix. Stealth + UA alone is insufficient.cloudflare-raywithoutcloudflare-challenge→ Cloudflare present but not actively blocking. Default config may work.cloudflare-challenge→ Active JS challenge. System Chrome + stealth- UA usually resolves it.
datadome→ Aggressive detection. System Chrome + stealth + UA required.aws-waf→ Usually UA-based. Stealth + UA often sufficient.- No signals + blocked → Unknown protection. Persistent profile is last resort.
Step 4 — Generate recipe
Write browser-recipe.json to $OUTPUT_DIR:
{
"url": "<probed URL>",
"generated": "<ISO timestamp>",
"cliConfig": {
"browser": {
"browserName": "chromium",
"launchOptions": { "channel": "<from firstSuccess step>" }
}
},
"stealthInitScript": "<full script from stealth-config.md if stealth was needed>",
"notes": "<1-2 sentence explanation of what was detected and why this config>"
}
Config mapping from firstSuccess:
| firstSuccess | cliConfig.launchOptions | stealthInitScript |
|---|---|---|
| default | {} (no channel, no args) | null (not needed) |
| stealth | {} (no channel, no args) | Full stealth script from reference |
| stealth-ua | { "args": ["--user-agent=<realistic UA>"] } | Full stealth script from reference |
| chrome | { "channel": "chrome", "args": ["--user-agent=<realistic UA>"] } | Full stealth script from reference |
| persistent | { "channel": "chrome", "args": ["--user-agent=<realistic UA>"] } | Full stealth script from reference |
If firstSuccess is persistent, add a "persistent": true field to the
recipe so consumers know to use --persistent.
Step 5 — Report results
If a configuration worked:
Browser probe complete for <url>.
Working config: <firstSuccess>
Detected: <detectedSignals or "no bot protection detected">
Recipe: <path to browser-recipe.json>
If all configurations failed:
Browser probe failed for <url>. No headless configuration could load the page.
Tried: default, stealth, stealth-ua, chrome, persistent
Detected signals: <detectedSignals>
Options:
1. Use --headed flag for manual browser interaction
2. Provide pre-captured data (DOM snapshot, screenshots) manually
3. Check if the URL requires authentication or VPN access
Do NOT produce a recipe when all steps fail. Do NOT silently continue with a broken configuration.
How Consumers Use the Recipe
Any script using playwright-cli can consume browser-recipe.json:
- Write
cliConfigto a temp file (e.g.,/tmp/probe-cli-config.json) - If recipe has
stealthInitScript, write it to a temp file and add it to the config'sbrowser.initScriptarray (do NOT useplaywright-cli eval— eval only accepts pure expressions, not multi-statement scripts) - Pass
--config=/tmp/probe-cli-config.jsontoplaywright-cli open - Proceed with normal
goto <url>and workflow
If recipe has "persistent": true, also pass --persistent to open.
Related Skills
catalan-adobe/reduce-page
tools
VerifiedTrustedCommunity
Reduce a webpage to a structural skeleton with semantic tokens. Two-phase pipeline: Phase 1 injects a browser script that tokenizes content ({TEXT}, {HEADING:n}, {IMAGE:WxH}, {CTA:label}, {LINK:label}, {INPUT:type}, {VIDEO}, {ICON}). Phase 2 applies LLM structural reasoning to collapse repeated patterns ({REPEAT:N}), remove decorative wrappers, strip utility classes, and produce skeleton.html + manifest.json. Use when migrating pages to EDS, analyzing page structure, extracting page blueprints, or preparing input for GenAI block generation. Triggers on: reduce page, page skeleton, page blueprint, extract structure, tokenize page, page reduction, structural skeleton, reduce URL.
SKILL.mdUpdated May 29, 2026
catalan-adobe/visual-tree
tools
VerifiedTrustedCommunity
Capture a spatial hierarchy of rendered DOM elements from any webpage. Injects a pre-built script via playwright-cli that walks the DOM, detects layout grids, extracts backgrounds, prunes invisible nodes, promotes elements rendered outside their DOM parent (overlays, fixed navs, modals), and tags overlay nodes with occlusion metadata. Returns three outputs: LLM-friendly indented text, structured JSON tree, and a nodeMap mapping positional IDs to CSS selectors with background and overlay data. Use before page decomposition, overlay detection, brand extraction, or any workflow that needs structured page analysis. Triggers on: visual tree, capture tree, page structure, page hierarchy, DOM tree, capture visual, page analysis, extract tree.
SKILL.mdUpdated Apr 25, 2026
catalan-adobe/video-digest
tools
VerifiedTrustedCommunity
Summarize any video by analyzing both audio and visuals. Downloads via yt-dlp, extracts transcript (YouTube captions or Whisper), pulls scene-detected keyframes, and produces a multimodal summary with clickable timestamped YouTube links. Use this skill whenever the user wants to summarize a YouTube video, digest a talk or tutorial, get notes from a video, extract key points from a recording, or says things like "tl;dw", "summarize this video", "what's in this video", or pastes a YouTube URL and asks for a summary. Also triggers for non-YouTube URLs that yt-dlp supports.
SKILL.mdUpdated Apr 25, 2026
catalan-adobe/spectrum-2-web
development
VerifiedTrustedCommunity
Design and build web UIs with Adobe Spectrum 2 design system. Applies S2 layout principles, visual hierarchy, spacing, and component composition to produce accessible interfaces. Outputs vanilla CSS with Spectrum tokens (static pages) or Spectrum Web Components (interactive apps). Recommends tier based on complexity. Covers sp-theme setup, side-effect imports, overlay system, form patterns, --mod-* token customization, and 14 critical gotchas. Use for: spectrum 2 web, SWC, sp-button, sp-theme, build UI with spectrum, S2 layout, spectrum application, adobe design system, web component form, spectrum overlay.
SKILL.mdUpdated Apr 25, 2026