develop-userscripts

por xixu-me

Use ao construir, depurar, empacotar ou publicar userscripts de navegador para Tampermonkey ou ScriptCat, incluindo APIs GM, blocos de metadados, problemas de permissão, configuração de @match/@grant/@connect, scripts de fundo ou agendados do ScriptCat, blocos UserConfig ou fluxos de trabalho de assinatura.

npx skills add https://github.com/xixu-me/skills --skill develop-userscripts
Baixar ZIPGitHub

Userscript work usually breaks at the runtime and metadata boundary, not in the page logic. Choose the runtime first, declare the minimum permissions up front, then debug in the environment where the script actually runs.

When to Use

Use this skill for:

  • writing or fixing a Tampermonkey or ScriptCat userscript
  • debugging injection timing, missing permissions, CSP workarounds, update checks, or GM_* behavior
  • deciding between a portable foreground script and ScriptCat-only @background or @crontab
  • adding config UI with ==UserConfig==
  • packaging a ScriptCat ==UserSubscribe== bundle or preparing a CloudCat-compatible script

Do not use this skill for full browser extension development or general browser automation outside userscript managers.

Runtime Selection

digraph userscript_runtime {
    "Need page DOM or page context?" [shape=diamond];
    "Need persistent or scheduled work?" [shape=diamond];
    "Need to install many scripts as one package?" [shape=diamond];
    "Portable foreground script" [shape=box];
    "ScriptCat background or crontab script" [shape=box];
    "ScriptCat subscription package" [shape=box];

    "Need page DOM or page context?" -> "Portable foreground script" [label="yes"];
    "Need page DOM or page context?" -> "Need persistent or scheduled work?" [label="no"];
    "Need persistent or scheduled work?" -> "ScriptCat background or crontab script" [label="yes"];
    "Need persistent or scheduled work?" -> "Need to install many scripts as one package?" [label="no"];
    "Need to install many scripts as one package?" -> "ScriptCat subscription package" [label="yes"];
    "Need to install many scripts as one package?" -> "Portable foreground script" [label="no"];
}

Preflight

  • Confirm the manager and browser. On Manifest V3 browsers, ScriptCat may require Allow User Scripts or browser developer mode before scripts run.
  • Decide page script versus background script before writing code. ScriptCat background scripts cannot touch the DOM.
  • Start with metadata, not implementation: @match, @grant, @connect, @run-at, and any update URLs.
  • Prefer portable ==UserScript== patterns for ordinary page scripts. Only switch to ScriptCat-only headers when the requested behavior actually needs them.

Workflow

  1. Choose the runtime and metadata first.
  2. Declare the smallest permission surface that fits the task.
  3. Implement against the runtime you chose.
  4. Debug where the code really runs.
    • Foreground scripts: page console plus manager logs.
    • ScriptCat background scripts: run log first, then background.html for real-environment debugging.
  5. Publish with the right update model.
    • Normal scripts: keep @version accurate and add @updateURL or @downloadURL only when needed.
    • Subscription bundles: use ==UserSubscribe==, HTTPS URLs, and subscription-level @connect.

Quick Reference

IntentDefault choiceWatch for
Page UI, DOM scraping, page patchingPortable ==UserScript==@match, @grant, @run-at, CSP-sensitive injection
Cross-origin API accessGM_xmlhttpRequest with explicit @connectMissing hosts, cookie behavior differences, user authorization
Long-running workerScriptCat @backgroundNo DOM, must return Promise for async work
Scheduled taskScriptCat @crontabOnly first @crontab counts, prefer 5-field cron, avoid interval overlap
User-editable settings==UserConfig== plus GM_getValueBlock placement and group.key naming
Silent bundle install and updates==UserSubscribe==HTTPS, user.sub.js, subscription connect overrides child scripts

Common Mistakes

  • Missing @grant for APIs the script actually uses.
  • Missing @connect for hosts used by GM_xmlhttpRequest or GM_cookie.
  • Treating @include as a better default than @match for ordinary host targeting.
  • Using DOM APIs inside ScriptCat background or cron scripts.
  • Returning from a ScriptCat background script before async GM work is truly finished.
  • Mixing ==UserScript== and ==UserSubscribe== packaging concepts.
  • Putting ==UserConfig== in the wrong place or reading config keys without the group.key name.
  • Assuming Tampermonkey and ScriptCat storage, notification, or request behavior is identical.

References

Mais skills de xixu-me

github-actions-docs
xixu-me
Use quando os usuários perguntarem como escrever, explicar, personalizar, migrar, proteger ou solucionar problemas de workflows do GitHub Actions, sintaxe de workflows, gatilhos, matrizes, runners, workflows reutilizáveis, artefatos, cache, segredos, OIDC, implantações, ações personalizadas ou Actions Runner Controller, especialmente quando precisarem de documentação oficial do GitHub, links exatos ou orientação sobre YAML baseada na documentação.
developmentdevopsdocument
use-my-browser
xixu-me
Use quando o trabalho depende da sessão ativa do navegador do usuário ou do estado renderizado visível, em vez de buscas estáticas, especialmente para contextos de depuração de navegador ou elementos ou requisições selecionadas no DevTools, painéis logados ou fluxos de CMS, aplicativos localhost, formulários, uploads, downloads, inspeção de mídia, inspeção de DOM ou iframe, Shadow DOM, ou falhas do navegador que parecem soft 404s, muros de autenticação, verificações anti-bot ou limites de taxa.
browser-automationweb-scrapingtesting
readme-i18n
xixu-me
Use when the user wants to translate a repository README, make a repo multilingual, localize docs, add a language switcher, internationalize the README, or update localized README variants in a GitHub-style repository.
documentdevelopmentapi
openclaw-secure-linux-cloud
xixu-me
Use ao auto-hospedar o OpenClaw em um servidor em nuvem, fortalecer um gateway remoto do OpenClaw, escolher entre tunelamento SSH, Tailscale ou exposição por proxy reverso, ou revisar as configurações padrão de Podman, pareamento, sandboxing, autenticação por token e permissões de ferramentas para uma implantação pessoal segura.
devopssecurity
secure-linux-web-hosting
xixu-me
Use ao configurar, endurecer ou revisar um servidor em nuvem para auto-hospedagem, incluindo DNS, SSH, firewalls, Nginx, hospedagem de sites estáticos, proxy reverso de um aplicativo, HTTPS com Let's Encrypt ou clientes ACME, redirecionamentos seguros de HTTP para HTTPS, ou ajuste opcional de rede pós-lançamento, como BBR.
devopssecurityaws
opensource-guide-coach
xixu-me
Use when a user wants guidance on starting, contributing to, growing, governing, funding, securing, or sustaining an open source project, or asks about contributor onboarding, community health, maintainer burnout, code of conduct, metrics, legal basics, or open source project adoption.
developmentresearch
running-claude-code-via-litellm-copilot
xixu-me
Use ao rotear o Claude Code por um proxy local LiteLLM para o GitHub Copilot, reduzindo gastos diretos com Anthropic, configurando substituições de ANTHROPIC_BASE_URL ou ANTHROPIC_MODEL, ou solucionando falhas na configuração do proxy Copilot, como modelo não encontrado, tráfego localhost ausente ou erros de autenticação GitHub 401/403.
developmentapidevops
skills-cli
xixu-me
Use when users ask to discover, install, list, check, update, remove, back up, restore, sync, or initialize Agent Skills, mention `bunx skills`, `npx skills`, `skills.sh`, or `skills-lock.json`, ask "find a skill for X", or want help extending agent capabilities with installable skills.
developmentapiproductivity