Stats
Actions
Tags
From kernel-cli
Profile a website for bot detection vendors using stealth vs non-stealth Kernel browsers. Use when analyzing bot detection on a website, comparing stealth effectiveness, identifying anti-bot vendors and products, or detecting challenge types.
How this skill is triggered — by the user, by Claude, or both
Slash command
/kernel-cli:profile-website-bot-detectionThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Analyzes a target website to identify bot detection vendors, their specific products, and challenge types. Supports comparative analysis between stealth and non-stealth browser modes.
Analyzes a target website to identify bot detection vendors, their specific products, and challenge types. Supports comparative analysis between stealth and non-stealth browser modes.
jq installed (brew install jq or apt install jq)KERNEL_API_KEY environment variable set. If it is not set, prompt the user to supply.Compare bot detection behavior between stealth and non-stealth browsers to evaluate stealth effectiveness.
# Create stealth browser (with -s flag)
kernel browsers create -s --viewport 1920x1080@25 -t 300
# Save session_id as STEALTH_ID
# Create non-stealth headful browser (no -s flag)
kernel browsers create --viewport 1920x1080@25 -t 300
# Save session_id as NORMAL_ID
cd scripts
npm install # first run only
# Test with stealth browser
KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$STEALTH_ID TARGET_URL=<url> BROWSER_MODE=stealth npm run analyze
# Test with non-stealth browser
KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$NORMAL_ID TARGET_URL=<url> BROWSER_MODE=normal npm run analyze
Compare the vendor detections and blocking behavior:
# Set the hostname folder (e.g., chase-com for chase.com)
HOST=chase-com
# Quick verdict comparison
echo "=== STEALTH VERDICT ===" && cat output/$HOST/stealth/report-*.json | jq '.summary.verdict'
echo "=== NORMAL VERDICT ===" && cat output/$HOST/normal/report-*.json | jq '.summary.verdict'
# Compare block status
echo "=== STEALTH BLOCKED ===" && cat output/$HOST/stealth/report-*.json | jq '.summary | {isBlocked, blockedPages, blockedVendors}'
echo "=== NORMAL BLOCKED ===" && cat output/$HOST/normal/report-*.json | jq '.summary | {isBlocked, blockedPages, blockedVendors}'
# Compare detected vendors
echo "=== STEALTH VENDORS ===" && cat output/$HOST/stealth/report-*.json | jq '.summary.vendorNames'
echo "=== NORMAL VENDORS ===" && cat output/$HOST/normal/report-*.json | jq '.summary.vendorNames'
| Scenario | Stealth | Normal | Meaning |
|---|---|---|---|
| No vendors detected | 0 | 0 | Site has no bot detection |
| Same vendors, no blocks | N | N | Bot detection present, both pass |
| Normal blocked, stealth passes | 0 blocks | Blocked | Stealth mode is effective |
| Both blocked | Blocked | Blocked | Bot detection defeats stealth |
| Different challenge types | Lighter | Harder | Stealth reduces suspicion |
After running the comparative analysis, provide a detailed summary report to the user that includes:
Summary Report Template:
## Bot Detection Comparative Analysis: [TARGET_URL]
### Verdict
- **Stealth Browser**: [verdict from summary.verdict]
- **Normal Browser**: [verdict from summary.verdict]
- **Stealth Effectiveness**: [Effective/Ineffective/Inconclusive]
### Block Status
| Browser | Blocked | Block Type | Evidence |
|---------|---------|------------|----------|
| Stealth | [Yes/No] | [blockType or N/A] | [first evidence item] |
| Normal | [Yes/No] | [blockType or N/A] | [first evidence item] |
### Detected Vendors
| Vendor | Stealth | Normal | Products |
|--------|---------|--------|----------|
| [vendor] | ✓/✗ | ✓/✗ | [product list] |
### Analysis
- [Explain what the results mean]
- [Note any differences between stealth and normal]
- [Recommend next steps if blocked]
### Key Findings
1. [Finding 1]
2. [Finding 2]
3. [Finding 3]
Use the JSON reports to populate this template:
summary.verdict - The final verdict stringsummary.isBlocked - Whether the browser was blockedsummary.blockedPages - Details about blocked pagessummary.vendorNames - List of detected vendorsvendorDetections - Detailed vendor/product informationkernel browsers delete -y $STEALTH_ID
kernel browsers delete -y $NORMAL_ID
The analysis detects vendors and their specific products:
| Vendor | Products Detected |
|---|---|
| Akamai | Bot Manager, Bot Manager Premier, mPulse RUM, Sensor Script, Edge DNS |
| Cloudflare | Bot Management, Turnstile, Challenge Platform, JS Challenge, Managed Challenge |
| DataDome | Interstitial Challenge, Slider Challenge, Device Check, Picasso Fingerprint |
| HUMAN/PerimeterX | Bot Defender, Sensor SDK, Press & Hold Challenge |
| Imperva/Incapsula | Advanced Bot Protection (utmvc), Advanced Bot Protection (reese84), WAF |
| Kasada | IPS (Initial Page Security), FP (Fingerprint Endpoint), Telemetry, POW Challenge |
| reCAPTCHA v2, reCAPTCHA v3, reCAPTCHA Enterprise | |
| hCaptcha | Widget, Enterprise |
| FingerprintJS | Fingerprint Pro, BotD |
| Arkose Labs | FunCaptcha |
Detection methods:
_abck, __cf_bm, datadome, _px*)cf-ray, x-kpsdk-*, x-d-token)Vendor-specific checks:
dd.t === 'bv')~0~ indicator)The script automatically analyzes:
/login, /signin, etc.)Login pages often have more aggressive bot detection due to credential stuffing prevention.
Results are organized by target hostname in scripts/output/<hostname>/<mode>/:
report-<timestamp>.json - Full JSON report with vendor detectionsscreenshot-homepage-<timestamp>.png - Homepage screenshotscreenshot-login-<timestamp>.png - Login page screenshot (if found)Example structure for comparative test on chase.com:
output/chase-com/
├── stealth/
│ ├── report-*.json
│ ├── screenshot-homepage-*.png
│ └── screenshot-login-*.png
└── normal/
├── report-*.json
├── screenshot-homepage-*.png
└── screenshot-login-*.png
The JSON report includes:
summary: Quick access to verdict, block status, and vendor names
verdict: Human-readable result (e.g., "BLOCKED - homepage (Error Page)")isBlocked: Boolean - true if any page was blockedvendorNames: Array of detected vendor namesblockedPages: Details of blocked pages with evidencevendorDetections: Map of detected vendors with products, URLs, cookies, headersblockDetections: Detailed block analysis for each pagevendorScriptsDetected: URLs of detected vendor scripts (not saved to disk)networkRequests/networkResponses: All requests with vendor matchingcookies: All cookies with vendor attribution# Create both browsers
STEALTH_ID=$(kernel browsers create -s --viewport 1920x1080@25 -t 300 -o json | jq -r '.session_id')
NORMAL_ID=$(kernel browsers create --viewport 1920x1080@25 -t 300 -o json | jq -r '.session_id')
echo "Stealth: $STEALTH_ID"
echo "Normal: $NORMAL_ID"
# Run analysis on both
cd scripts
KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$STEALTH_ID TARGET_URL=chase.com BROWSER_MODE=stealth npm run analyze
KERNEL_API_KEY=$KERNEL_API_KEY KERNEL_BROWSER_ID=$NORMAL_ID TARGET_URL=chase.com BROWSER_MODE=normal npm run analyze
# Output structure:
# ./output/chase-com/stealth/report-*.json
# ./output/chase-com/stealth/screenshot-*.png
# ./output/chase-com/normal/report-*.json
# ./output/chase-com/normal/screenshot-*.png
# Quick comparison - check verdicts
echo "--- Stealth verdict ---"
cat output/chase-com/stealth/report-*.json | jq '.summary.verdict'
echo "--- Normal verdict ---"
cat output/chase-com/normal/report-*.json | jq '.summary.verdict'
# Detailed vendor comparison
echo "--- Stealth vendors ---"
cat output/chase-com/stealth/report-*.json | jq '.summary.vendorNames'
echo "--- Normal vendors ---"
cat output/chase-com/normal/report-*.json | jq '.summary.vendorNames'
# Cleanup
kernel browsers delete -y $STEALTH_ID
kernel browsers delete -y $NORMAL_ID
_abck (core validation), bm_sz, bm_sv~0~ in _abck value = valid session__cf_bm, cf_clearance/cdn-cgi/challenge-platform/challenges.cloudflare.com/turnstiledatadomedd.t === 'bv' = hard IP block (changing IP required, solving captcha won't help)_px2, _px3, _pxhd/_Incapsula_Resourcex-d-token headerx-kpsdk-ct, x-kpsdk-cdips.js first/fp fingerprint requestsnpx claudepluginhub kernel/skills --plugin kernel-cliBypasses bot detection for stealth web browsing and content extraction using Patchright (Playwright fork), Xvfb virtual display, and headed Chromium to access personal content on protected sites.
Debugs Bright Data Scraping Browser sessions via the Browser Sessions API. Diagnoses failures, bandwidth issues, captchas, and empty results by fetching live session data.
Analyzes HTTP/HTTPS security headers for vulnerabilities, misconfigurations, OWASP compliance, cookie issues, and info leaks. Assigns grades and suggests Nginx/Apache/Cloudflare fixes.