This skill should be used when developing, debugging, refactoring, or building Genesis itself — tasks like "fix this in Genesis", "add a new MCP tool", "wire up the runtime", "Genesis won't start", "create a worktree", "debug the bridge", or "add a capability". Applies to any task modifying files under src/, .claude/, or tests/. Do NOT load for Genesis-as-tool work ("summarize this", "write a LinkedIn post", "research X") or general questions unrelated to Genesis internals.
Evaluate technologies and competitive developments against Genesis architecture
Evaluate content for personal relevance to the user using the user model
End-to-end content creation and publishing. Takes a topic (or generates one), drafts in the user's voice, gets approval via Telegram, and publishes to Medium via browser automation. Invoke with "publish a post about X", "write and publish to Medium", "content-publish", or when an ego-dispatched session needs to create and distribute content.
Apply the user's voice when writing or editing content. Activate when the user says "use the voice-master skill", "write this in my voice", "make this sound like me", or any equivalent instruction. Use for any content type: professional proposals, long-form writing, social posts, emails, or short-form copy. Do NOT activate for code, technical docs, or any output the user hasn't asked to be written in their voice.
First-run onboarding — guides new users through Genesis setup on their first CC session. Configures user profile, essential API keys, Telegram, GitHub backup, and service verification. Triggered automatically when ~/.genesis/setup-complete is absent. Re-runnable by asking Genesis to "run setup" or "reconfigure [section]".
| name | stealth-browser |
| description | Anti-detection behavioral rules for stealth browser automation |
| consumer | cc_any |
| phase | execution |
| keywords | ["browser","stealth","camoufox","cloudflare","turnstile","captcha","anti-bot","navigate","automation","vnc","click","medium","publish"] |
Tool-agnostic anti-detection behavioral rules for browser automation. Applies regardless of browser engine (Camoufox, Playwright, future tools).
Load this skill when: The browser_navigate tool is used with the
default Camoufox (anti-detection) mode. The tool's docstring directs you here.
Bot detection systems look for behavioral signals, not just fingerprints. A perfect fingerprint with robotic behavior is still detectable. The browser engine handles fingerprinting. This skill handles behavior.
Camoufox always launches headed on VNC display :99. This means:
browser_collaborate(True) speeds up timing (human watching)browser_collaborate(False) restores stealth timing (nobody watching)These rules work with the existing browser tools. The tools already implement human-like delays automatically — this section covers what YOU (the LLM session) must do on top.
Before navigating to a target form (especially ATS job applications), browse the company's public careers page first. This builds browsing history and cookie trail in the persistent profile. A cold browser going straight to an application form is a bot signal.
After browser_navigate, wait before interacting. Read the page snapshot,
plan your actions. Do NOT immediately call browser_fill or browser_click.
A human would look at the page first. 1-3 seconds minimum.
Before filling ANY form field, check the accessibility snapshot for hidden fields. Do NOT fill fields that appear to be:
display: none or visibility: hidden in the snapshoturl, website, fax that aren't expected
for the form type (common honeypot names)Filling a honeypot = instant bot detection. When in doubt, skip the field.
Fill fields in visual top-to-bottom order, matching how a human would tab through the form. Do NOT fill them in an arbitrary order.
Before clicking submit:
browser_screenshot()If a form fill or click fails:
Before engaging high-detection sites, check references/per-site/ for
site-specific rules. High-detection sites include:
If no per-site reference exists, conduct a research pass first to understand the site's detection patterns before automating.
These features are now implemented in the browser tools.
browser_fill now types character-by-character with randomized inter-key
intervals (50-200ms) when Camoufox is active. This fires the full
keydown→keypress/input→keyup event chain per character. Atomic fill()
only fires a single input event — trivially detectable.
Note for phone fields with input masks: The per-keystroke typing
interacts with auto-formatting. If a phone field adds characters mid-type
(e.g., "(123) 456-..."), let the field format naturally — the typing
engine handles this. If the result looks wrong, retry with browser_fill
after clearing the field manually.
browser_click now uses hover→mousemove trail→position jitter→realistic
mousedown/mouseup gap when Camoufox is active. Clicks land within the
central 60% of elements, not dead center. The Camoufox humanize=2.5
setting provides native Bézier cursor movement at the browser level.
After browser_navigate, Turnstile is automatically detected and
resolved. The resolution cascade runs without any manual intervention:
You do NOT need to:
Simply call browser_navigate(url) and check the response. If
turnstile.status == "resolved", the page is ready. If "blocked",
a Telegram alert was already sent.
VNC click is the LAST fallback in the automated cascade (Phase 2 in
_wait_for_turnstile). You should almost never need to invoke it
manually — browser_navigate handles it automatically after the widget
click and playwright-captcha both fail.
This section documents the mechanism for debugging only. The VNC protocol injects real input events, bypassing detection of synthetic events (XTest, CDP, Playwright mouse).
x11vnc injects input through the VNC protocol, adding network-realistic timing and event sequencing patterns. While the underlying X11 mechanism is similar to xdotool, the VNC protocol layer produces timing closer to real human input (variable latency, natural event gaps). Playwright uses CDP protocol which Cloudflare directly fingerprints. The practical result: VNC-injected clicks pass Turnstile where xdotool and Playwright fail.
genesis-vnc.service running (x11vnc on port 5900, systemd auto-start)vncdotool installed (pip install vncdotool)x11vnc -display :99 -forever -nopw -quiet -bg -rfbport 5999Find the element — use browser_run_js to get the target
element's bounding rect:
document.querySelector('[style*="display: grid"]').getBoundingClientRect()
Get window geometry — the browser window position on the Xvfb display:
DISPLAY=:99 xdotool getwindowgeometry $(DISPLAY=:99 xdotool search --name "Camoufox")
Calculate screen coordinates:
screen_x = window_x + page_element_xscreen_y = window_y + browser_chrome_height + page_element_ySend human-like mouse movement — move through 1-2 intermediate points with 200-300ms pauses, then click:
vncdo -s localhost::5999 move {start_x} {start_y}
# pause 300ms
vncdo -s localhost::5999 move {mid_x} {mid_y}
# pause 200ms
vncdo -s localhost::5999 move {target_x} {target_y} click 1
Wait and verify — allow 5-8 seconds for server-side verification, then check if the page title changed from "Just a moment..." to the actual page title.
cf_clearance cookie persists for days/weeks after clearing
Turnstile. Subsequent page loads won't trigger the challenge.The browser tools implement automatic delays. These are the profiles:
| Context | Inter-action delay | Notes |
|---|---|---|
| Background (Camoufox, default) | 1-15s log-normal | Stealth priority. Mostly 2-5s, occasional long pauses |
| Collaborate (Camoufox + VNC) | 0.5-2s uniform | Human watching. Responsive but not instant |
| Playwright/Chromium (dev/test) | None | Speed priority. No stealth needed |
The delay fires automatically before browser_fill, browser_click,
and browser_upload. You do NOT need to add manual sleeps.
See references/services.md for external services that supplement
the browser's built-in anti-detection: