diff --git a/docs/tools/browser-login.md b/docs/tools/browser-login.md new file mode 100644 index 000000000..f938db3d1 --- /dev/null +++ b/docs/tools/browser-login.md @@ -0,0 +1,50 @@ +--- +summary: "Manual logins for browser automation + X/Twitter posting" +read_when: + - You need to log into sites for browser automation + - You want to post updates to X/Twitter +--- + +# Browser login + X/Twitter posting + +## Manual login (recommended) + +When a site requires login, **sign in manually** in the **host** browser profile (the clawd browser). + +Do **not** give the model your credentials. Automated logins often trigger antiā€‘bot defenses and can lock the account. + +## X/Twitter: recommended flow + +- **Read/search/threads:** use the **bird** CLI skill (no browser, stable). + - Repo: https://github.com/steipete/bird +- **Post updates:** use the **host** browser (manual login). + +## Sandboxing + host browser access + +Sandboxed browser sessions are **more likely** to trigger bot detection. For X/Twitter (and other strict sites), prefer the **host** browser. + +If the agent is sandboxed, the browser tool defaults to the sandbox. To allow host control: + +```json5 +{ + agents: { + defaults: { + sandbox: { + mode: "non-main", + browser: { + allowHostControl: true + } + } + } + } +} +``` + +Then target the host browser: + +```bash +clawdbot browser open https://x.com --browser-profile clawd --target host +``` + +Or disable sandboxing for the agent that posts updates. + diff --git a/docs/tools/browser.md b/docs/tools/browser.md index 690c3b640..c1f3aa9b1 100644 --- a/docs/tools/browser.md +++ b/docs/tools/browser.md @@ -221,6 +221,7 @@ Notes: ## Security & privacy - The clawd browser profile may contain logged-in sessions; treat it as sensitive. +- For logins and anti-bot notes (X/Twitter, etc.), see [Browser login + X/Twitter posting](/tools/browser-login). - Keep control URLs loopback-only unless you intentionally expose the server. - Remote CDP endpoints are powerful; tunnel and protect them.