secure-shopper 🛒

Find items across one or more shopping sites, summarize candidates, and (optionally) place the order using secure-autofill.

This skill is asynchronous: spawn a sub-agent for browsing so the main chat stays responsive.

Prerequisites

Required skills / plugin

• The secure-autofill skill exists at: ~/.openclaw/skills/secure-autofill/
• The secure-autofill plugin tools are available:
• vault_suggest
• vault_fill

Inherit secure-autofill prerequisites

• A working non-headless Chrome (many shops block headless)
• Gateway environment has required env vars (per secure-autofill)

Concrete check:

command -v google-chrome || command -v google-chrome-stable

Configuration (portable)

Skill-local config files:

• Example (shareable, do not edit): ~/.openclaw/skills/secure-shopper/config.json.example
• Real (machine-specific, written by onboarding): ~/.openclaw/skills/secure-shopper/config.json

Config keys:

• goToSites[]: list of default shopping sites (e.g. Amazon, Walmart)
• location.zip or location.address: used for shipping/availability context
• preferences.priority: one of:
• relevancy
• cheaper
• faster
• reviews
• preferences.maxCandidatesPerSite: cap per site (default 5)
• preferences.safeBrowsing: guardrails to avoid oversized pages / context overflow (applies to all sites)
• startFromSearch: true|false (default true) — prefer a site’s search results page over the homepage/product pages
• maxCandidatesPerPass: number (default 3) — extract a few items at a time (then paginate/scroll)
• snapshot: limits for browser.snapshot
• compact: boolean (default true)
• depth: number (default 6)
• maxChars: number (default 12000)
• fallback: what to do on context_length_exceeded
• retryWithTighterSnapshot: boolean (default true)
• switchToSearchUrl: boolean (default true)

Initialization / installation / onboarding

Preferred (chat-first)

Ask Boss and then write config.json:

1) Go-to shopping website(s)

• Examples: Amazon, Walmart, Target
• Store into goToSites[]

2) Zip code OR proximity address

• Store into location.zip and/or location.address

3) Preferences

• Ask for priority: relevancy vs cheaper vs faster delivery vs higher review scores
• Store into preferences.priority (+ optional notes)

After collecting answers, update the real config file.

Optional helper (terminal):

node ~/.openclaw/skills/secure-shopper/scripts/onboard.mjs \
  --sites 'Amazon=https://www.amazon.com|Walmart=https://www.walmart.com' \
  --zip 46202 \
  --priority cheaper

How it works (agent behavior contract)

0) Require a shopping description

The user must provide a description of their shopping task.

• If they didn’t: stop and ask for it.

1) Honor runtime user prompts

Runtime user instructions (the user’s message for this run) override stored config.

Examples of runtime overrides:

• “Use Target instead of Amazon.”
• “Only show Prime-eligible.”
• “Budget under $50.”

2) Login via secure-autofill (skip if already logged in)

• Use the configured go-to sites, unless the runtime prompt specifies a site.
• If the site session appears already authenticated: skip login.
• Otherwise, use secure-autofill login flow:
• browser.snapshot to get refs
• vault_suggest/vault_fill to fill credentials

3) Make the browsing asynchronous

Immediately after accepting the task, respond with something like:

> I’m en route to the stores. I’ll notify you when I find the best matches.

Then spawn a sub-agent so the main session is not interrupted.

Implementation note:

• Use sessions_spawn with a task that includes the shopping description and any runtime overrides.

4) Browse + identify candidates

The sub-agent browses each chosen site, searches, filters, and identifies candidates that fit the user description.

Context-safe browsing (ALL shopping sites)

Many shopping sites can produce extremely large pages/snapshots. To avoid context_length_exceeded failures:

• Prefer starting from a search results URL (or the site’s search box) rather than the homepage.
• Use small snapshots:
• browser.snapshot(..., compact=true)
• keep depth modest (e.g., 4–8)
• set maxChars and/or target a specific container when possible
• Extract incrementally:
• grab top ~3 candidates, record them, then paginate/scroll and repeat until maxCandidatesPerSite is met
• If a snapshot still overflows:
• retry with a tighter snapshot (smaller depth / smaller region)
• switch to a search URL (/search?q=...) and re-extract
• Do not “reason through” massive dumps. If the page is huge, reduce the page slice first.

Record results to:

/home/miles/.openclaw/workspace/artifacts/secure_shopping/{timestamp}_shopping_task.json

JSON requirements:

• Record:
• userPrompt (shopping description)
• startTime
• endTime
• phase (required):
• candidates_found | awaiting_accept_deny | awaiting_checkout_confirm | ordered
• candidates[]
• Candidates for the same request must live under the same parent task.
• Each candidate must include:
• price (string)
• reviewScore (string/number)
• url
• verdict (short)
• status: pending | accepted | denied | shopped

Suggested candidate shape:

{
  "site": "Amazon",
  "title": "...",
  "price": "$39.99",
  "reviewScore": "4.6 (12,345)",
  "url": "https://...",
  "verdict": "Best value under $50; good reviews; ships tomorrow",
  "status": "pending"
}

Helper module (optional): scripts/task_io.mjs.

5) Notify user + REQUIRE accept/deny (hard gate)

When browsing is done, you must:

1) Set JSON phase = "awaiting_accept_deny".

2) Translate the JSON into a human-friendly summary.

3) In the same message, require an ACCEPT/DENY decision. Do not end the turn without the prompt.

Mandatory message template (copy this structure):

• Recommended pick: