develop-userscripts

por xixu-me

Use when building, debugging, packaging, or publishing browser userscripts for Tampermonkey or ScriptCat, including GM APIs, metadata blocks, permission issues, @match/@grant/@connect setup, ScriptCat background or scheduled scripts, UserConfig blocks, or subscription workflows.

npx skills add https://github.com/xixu-me/skills --skill develop-userscripts
Descargar ZIPGitHub

Userscript work usually breaks at the runtime and metadata boundary, not in the page logic. Choose the runtime first, declare the minimum permissions up front, then debug in the environment where the script actually runs.

When to Use

Use this skill for:

  • writing or fixing a Tampermonkey or ScriptCat userscript
  • debugging injection timing, missing permissions, CSP workarounds, update checks, or GM_* behavior
  • deciding between a portable foreground script and ScriptCat-only @background or @crontab
  • adding config UI with ==UserConfig==
  • packaging a ScriptCat ==UserSubscribe== bundle or preparing a CloudCat-compatible script

Do not use this skill for full browser extension development or general browser automation outside userscript managers.

Runtime Selection

digraph userscript_runtime {
    "Need page DOM or page context?" [shape=diamond];
    "Need persistent or scheduled work?" [shape=diamond];
    "Need to install many scripts as one package?" [shape=diamond];
    "Portable foreground script" [shape=box];
    "ScriptCat background or crontab script" [shape=box];
    "ScriptCat subscription package" [shape=box];

    "Need page DOM or page context?" -> "Portable foreground script" [label="yes"];
    "Need page DOM or page context?" -> "Need persistent or scheduled work?" [label="no"];
    "Need persistent or scheduled work?" -> "ScriptCat background or crontab script" [label="yes"];
    "Need persistent or scheduled work?" -> "Need to install many scripts as one package?" [label="no"];
    "Need to install many scripts as one package?" -> "ScriptCat subscription package" [label="yes"];
    "Need to install many scripts as one package?" -> "Portable foreground script" [label="no"];
}

Preflight

  • Confirm the manager and browser. On Manifest V3 browsers, ScriptCat may require Allow User Scripts or browser developer mode before scripts run.
  • Decide page script versus background script before writing code. ScriptCat background scripts cannot touch the DOM.
  • Start with metadata, not implementation: @match, @grant, @connect, @run-at, and any update URLs.
  • Prefer portable ==UserScript== patterns for ordinary page scripts. Only switch to ScriptCat-only headers when the requested behavior actually needs them.

Workflow

  1. Choose the runtime and metadata first.
  2. Declare the smallest permission surface that fits the task.
  3. Implement against the runtime you chose.
  4. Debug where the code really runs.
    • Foreground scripts: page console plus manager logs.
    • ScriptCat background scripts: run log first, then background.html for real-environment debugging.
  5. Publish with the right update model.
    • Normal scripts: keep @version accurate and add @updateURL or @downloadURL only when needed.
    • Subscription bundles: use ==UserSubscribe==, HTTPS URLs, and subscription-level @connect.

Quick Reference

IntentDefault choiceWatch for
Page UI, DOM scraping, page patchingPortable ==UserScript==@match, @grant, @run-at, CSP-sensitive injection
Cross-origin API accessGM_xmlhttpRequest with explicit @connectMissing hosts, cookie behavior differences, user authorization
Long-running workerScriptCat @backgroundNo DOM, must return Promise for async work
Scheduled taskScriptCat @crontabOnly first @crontab counts, prefer 5-field cron, avoid interval overlap
User-editable settings==UserConfig== plus GM_getValueBlock placement and group.key naming
Silent bundle install and updates==UserSubscribe==HTTPS, user.sub.js, subscription connect overrides child scripts

Common Mistakes

  • Missing @grant for APIs the script actually uses.
  • Missing @connect for hosts used by GM_xmlhttpRequest or GM_cookie.
  • Treating @include as a better default than @match for ordinary host targeting.
  • Using DOM APIs inside ScriptCat background or cron scripts.
  • Returning from a ScriptCat background script before async GM work is truly finished.
  • Mixing ==UserScript== and ==UserSubscribe== packaging concepts.
  • Putting ==UserConfig== in the wrong place or reading config keys without the group.key name.
  • Assuming Tampermonkey and ScriptCat storage, notification, or request behavior is identical.

References

Más skills de xixu-me

github-actions-docs
xixu-me
Usar cuando los usuarios pregunten cómo escribir, explicar, personalizar, migrar, asegurar o solucionar problemas de flujos de trabajo de GitHub Actions, sintaxis de flujos de trabajo, disparadores, matrices, ejecutores, flujos de trabajo reutilizables, artefactos, almacenamiento en caché, secretos, OIDC, despliegues, acciones personalizadas o Actions Runner Controller, especialmente cuando necesiten documentación oficial de GitHub, enlaces exactos o guía de YAML basada en documentación.
developmentdevopsdocument
use-my-browser
xixu-me
Úsalo cuando el trabajo dependa de la sesión activa del navegador del usuario o del estado renderizado visible, en lugar de recuperaciones estáticas, especialmente en contextos de depuración del navegador o elementos o solicitudes seleccionados en DevTools, paneles con sesión iniciada o flujos de CMS, aplicaciones en localhost, formularios, cargas, descargas, inspección de medios, inspección de DOM o iframes, Shadow DOM, o fallos del navegador que parezcan errores 404 suaves, muros de autenticación, comprobaciones anti-bot o límites de tasa.
browser-automationweb-scrapingtesting
readme-i18n
xixu-me
Usar cuando el usuario quiera traducir un README de repositorio, hacer un repositorio multilingüe, localizar documentación, agregar un selector de idioma, internacionalizar el README o actualizar variantes localizadas del README en un repositorio estilo GitHub.
documentdevelopmentapi
openclaw-secure-linux-cloud
xixu-me
Úsalo al autoalojar OpenClaw en un servidor en la nube, al endurecer una puerta de enlace remota de OpenClaw, al elegir entre túneles SSH, Tailscale o exposición mediante proxy inverso, o al revisar Podman, emparejamiento, sandboxing, autenticación por token y valores predeterminados de permisos de herramientas para una implementación personal segura.
devopssecurity
secure-linux-web-hosting
xixu-me
Úsalo al configurar, endurecer o revisar un servidor en la nube para autoalojamiento, incluyendo DNS, SSH, cortafuegos, Nginx, alojamiento de sitios estáticos, proxy inverso de una aplicación, HTTPS con Let's Encrypt o clientes ACME, redirecciones seguras de HTTP a HTTPS, o ajuste opcional de red posterior al lanzamiento como BBR.
devopssecurityaws
opensource-guide-coach
xixu-me
Úsalo cuando un usuario quiera orientación sobre cómo iniciar, contribuir, hacer crecer, gobernar, financiar, asegurar o mantener un proyecto de código abierto, o pregunte sobre la incorporación de colaboradores, la salud de la comunidad, el agotamiento de los mantenedores, el código de conducta, las métricas, los aspectos legales básicos o la adopción de proyectos de código abierto.
developmentresearch
running-claude-code-via-litellm-copilot
xixu-me
Usar al enrutar Claude Code a través de un proxy local de LiteLLM hacia GitHub Copilot, reduciendo el gasto directo en Anthropic, configurando anulaciones de ANTHROPIC_BASE_URL o ANTHROPIC_MODEL, o solucionando fallos en la configuración del proxy de Copilot como modelo no encontrado, falta de tráfico localhost, o errores de autenticación 401/403 de GitHub.
developmentapidevops
skills-cli
xixu-me
Use when users ask to discover, install, list, check, update, remove, back up, restore, sync, or initialize Agent Skills, mention `bunx skills`, `npx skills`, `skills.sh`, or `skills-lock.json`, ask "find a skill for X", or want help extending agent capabilities with installable skills.
developmentapiproductivity