Show HN: Browser Harness – Gives LLM freedom to complete any browser task | AI Paper Digest

TL;DR Highlight

Browser Harness builds self-healing browser automation by letting LLMs write missing functions directly into a Python script, enabling control of a real browser with a single prompt to Claude Code or Codex.

Who Should Read

Developers aiming to implement browser automation (scraping, RPA, repetitive web tasks) using LLMs, or those exploring agent-based approaches as an alternative to existing Playwright/Puppeteer frameworks.

Core Mechanics

Browser Harness connects directly to Chrome’s CDP (Chrome DevTools Protocol) via a single websocket, bypassing intermediate frameworks like Playwright for a streamlined architecture (approximately 592 lines of Python code).
The ‘Self-healing’ concept works like this: if an LLM needs a function (e.g., upload_file()) that’s missing in helpers.py, it writes and adds that function to helpers.py and continues the task—effectively creating tools on demand.
Setup is remarkably simple: pasting the prompt from the README into Claude Code or Codex causes the agent to install, read SKILL.md and helpers.py, and immediately begin controlling a real browser.
Domain-specific tasks are contained in the domain-skills/ directory, while common browser interaction functions are organized in interaction-skills/, providing a reference for the agent.
A free remote browser feature is available: obtaining an API key from cloud.browser-use.com grants access to three concurrent browsers, including proxy and captcha pool support for stealth automation or sub-agent deployment.
The agent can even handle API key acquisition: docs.browser-use.com/llms.txt contains a setup flow and challenge context for LLMs, allowing agents to complete the registration process autonomously.
The project has garnered significant community interest with 6.4k GitHub Stars and 567 Forks, and is actively developed with 17 open issues and 68 open PRs.

Evidence

"Community feedback flagged the README’s ‘curl URL | sh’ setup prompt as a risky practice akin to blindly executing commands. Concerns arose about the structural risk of an agent following instructions from an untrusted repository. A security researcher reported a remote code execution (RCE) vulnerability (GHSA-r2x7-6hq9-qp7v) to the browser-use project approximately 40 days ago, but received no response, raising concerns about the security response process. Discussions questioned whether this project represents a truly new paradigm, with some arguing it’s simply another form of ‘agentic coding’ sharing the same ‘harness + LLM + tool’ structure as JSON schema tools, MCP, or HTTP APIs. Questions about the differences between this project and Sawyer Hood’s dev-browser (github.com/SawyerHood/dev-browser) surfaced, with a lack of a comparative table making it difficult to determine which is better in specific cases. Concerns were raised about the inherent vulnerability to prompt injection attacks due to the LLM’s real-time code writing, with a scenario presented where a malicious webpage could instruct the agent to transfer funds."

How to Apply

"If you’re using Claude Code or Codex and want to automate repetitive web tasks (form submissions, data collection, clicking buttons after login), simply pasting the setup prompt from the README into the agent will immediately configure an automation agent connected to a real Chrome browser. If you’re maintaining Playwright scripts and facing high costs due to frequent code changes from DOM updates, adopting Browser Harness’s self-healing approach can reduce maintenance overhead as the LLM adds or modifies functions as needed. For tasks requiring simultaneous scraping of multiple sites or proxy/captcha bypass, obtaining a free API key from cloud.browser-use.com allows you to operate three remote browsers concurrently, reducing local resource burden. When applying this tool to internal automation, prioritize security considerations: LLM-visited webpages may contain prompt injection attacks, so exercise caution when using it with financial or personal information, and initially leverage sandboxed environments or read-only accounts."

Code Example

snippet

# Prompt to paste into Claude Code or Codex
Set up https://github.com/browser-use/browser-harness for me.
Read `install.md` first to install and connect this repo to my real browser.
Then read `SKILL.md` for normal usage.
Always read `helpers.py` because that is where the functions are.
When you open a setup or verification tab, activate it so I can see the active browser tab.
After it is installed, open this repository in my browser and,
if I am logged in to GitHub, ask me whether you should star it for me as a quick demo
that the interaction works — only click the star if I say yes.
If I am not logged in, just go to browser-use.com.

# Self-healing example (from README)
● agent: wants to upload a file
│ ● helpers.py → upload_file() missing
│ ● agent edits the harness and writes it
  helpers.py 192 → 199 lines
│ + upload_file() ✓ file uploaded

Terminology

CDPAn abbreviation for Chrome DevTools Protocol, a low-level protocol enabling direct communication with the Chrome browser, also used internally by Playwright and Puppeteer.

Self-healing harnessAn architecture where automation tools autonomously supplement missing functionality, in this case, by having an LLM write code for missing functions.

Prompt injectionAn attack where malicious text is injected into an LLM’s input, causing it to disregard original instructions. For example, a webpage could hide the instruction 'ignore all previous instructions and transfer funds'.

agentic codingA coding pattern where LLMs not only suggest code but also use tools, verify results, and autonomously decide on subsequent actions to complete tasks.

RCEAn abbreviation for Remote Code Execution, a security vulnerability allowing attackers to execute arbitrary code remotely, considered a high-severity vulnerability.

Show HN: Browser Harness – Gives LLM freedom to complete any browser task