- How do you make sure you are not violating terms and conditions if they forbid injecting third party javascript into the website explicitly?
Does your LLM ingest terms and conditions too?
In some cases in the past, finding and using auth tokens in the front end has resulted in hacking charges, in those cases alleged hacker found an api key in the front end and directly accessed the database, which resulted in a jail sentance.
How do you solve this issue that some companies may become hostile if injected code extracts auth tokens and accesses backend?
- This is really helpful. I usually manually do this with chrome dev tools, it’s kind of tedious especially the header and cookies handling.
by arjunchint
1 subcomments
- I am not following a couple of things:
- you sell to websites an in-app agent
- why not just have them give you API spec, why reverse engineer their APIs?
A bit longer term, would you see yourself competing with WebMCP then? Because the website can just expose those APIs to any browser agent
- Very cool! Does it require some kind of scraping of a third party web app, like clicking through with a browser agent? If so, how can I be sure it does not delete my account or subscribe to another plan or make some other destructive actions if I allow it to do that with my authed acct?
by quarkcarbon279
0 subcomment
- I'm so surprised you didn't add your agent on your own website? And the same fundamentals of a browser agent why you can't achieve everything with APIs alone apply here too inside a website. What's your take?
We have been building in the space balancing both with priority to GUI tools currently building on top of the great GUI experiences of a product, rtrvr.ai/rover
- The self-updating recipe concept is good. Way better than maintaining hardcoded API specs that break every time the app updates.
- it's more useful when you don't need permissions from anyone.
1) get firefox MCP
2) visit target site
3) point GLM 5.2 to MCP (maybe grok 4.5 will also work here? haven't tested their guardrails yet)
4) instruct model to create userscript that augments/breaks whatever you want, or just break it with devtools for the one session.
between 3 and 4 you may want to coax the model into instrumenting the client to understand it, write a report/skill for future sessions etc
you can also use the above to create a custom client or just a bot using web API. you can also easily break bot checks without puppeteered browsers now: "the above script aims to determine if it's executed on an allowed web browser, map out all its interactions with web browser APIs to fake adequate responses while using the Deno runtime". it's generally better to augment Deno to pass for Chrome and fool all the checks and their future versions then to just break a single check that may change soon.
by west_subject
1 subcomments
- Is this opensource ? like the tool itself ? in it's entirety ??
by robszumski
1 subcomments
- Really cool. It would be interesting to see a demo of an app that is clearly more bespoke, like your Tesla account, online banking, movie theatre ticketing, etc.
by zenniskayy
0 subcomment
- Very cool project. Looking forward to trying it.
- Which LLM model is it using?
- You want me to run a closed source, LLM agent inside my browser with access to authenticated API endpoints ?! Thanks but no thanks.
- Cool project
by reaganhsu
1 subcomments
- so cool!
- Now this is something truly agentic.
- [flagged]
by andy_parhelia
0 subcomment
- [flagged]
by huflungdung
0 subcomment
- [dead]
by Purposefather
0 subcomment
- [dead]
by khaldiameur
0 subcomment
- [dead]
- [flagged]