
Turn any website into an AI-callable API. Passive traffic capture, API schema generation, and execution.
Turn any web app into an API. No official API needed. No browser automation.
Neo is a Chrome extension that passively captures every API call your browser makes, learns the patterns, and lets AI (or you) replay them directly.
AI agents operating web apps today have two options, both bad:
| Approach | Pain |
|---|---|
| Official APIs | Most SaaS doesn't have one, or only exposes 10% of features |
| Browser automation | Screenshot → OCR → click. Slow, fragile, breaks on every UI change |
Neo is the third way. Every web app already has a complete internal API — the frontend calls it every time you click something. Neo captures those calls and makes them replayable.
v2: Now with UI automation. Neo v2 adds an accessibility-tree-based UI layer — snapshot, click, fill, type, press, hover, scroll, select, screenshot, get, wait. When an API exists, use it directly. When it doesn't, Neo can drive the UI through the same CLI. One tool, both layers.
Browse normally → Neo records all API traffic → Schema auto-generated → AI replays APIs directly
→ Or drives UI via a11y tree
The Chrome extension intercepts every fetch() and XMLHttpRequest — URLs, headers, request/response bodies, timing, even which DOM element triggered the call.
Run neo-schema on a domain to auto-generate its API map: endpoints, required auth headers, query parameters, response structure, error codes.
Run API calls inside the browser tab's context via Chrome DevTools Protocol. Cookies, CSRF tokens, session auth — all inherited automatically. No token management needed.
git clone https://github.com/4ier/neo.git
cd neo && npm install && npm run build
npm link # makes `neo` available globally
Load the extension:
chrome://extensions
extension/dist/
All commands go through a single CLI: neo <command>.
Requires a browser with CDP (Chrome DevTools Protocol) enabled.
# --- Connection & Sessions ---
neo connect [port] # Connect to CDP, save session
neo connect --electron <app-name> # Auto-discover Electron app's CDP port
neo launch <app> [--port N] # Launch Electron app with CDP enabled
neo discover # Find reachable CDP endpoints on localhost
neo sessions # List saved sessions
neo tab # List CDP targets in active session
neo tab <index> | neo tab --url <pattern> # Switch active tab target
neo inject [--persist] [--tab pattern] # Inject Neo capture script into target
# --- Capture & Traffic ---
neo status # Overview of captured data
neo capture summary # Quick overview
neo capture list github.com --limit 10 # Shows IDs for replay/detail
neo capture list --since 1h # Time-filtered
neo capture domains
neo capture search "CreateTweet" --method POST
neo capture watch x.com # Live tail (like tail -f)
neo capture stats x.com # Method/status/timing breakdown
neo capture export x.com --since 2h > x.json
neo capture export x.com --format har > x.har # HAR 1.2 for Postman/devtools
neo capture import x-captures.json
neo capture prune --older-than 7d
neo capture gc x.com [--dry-run] # Smart dedup
# --- API Replay & Execution ---
neo replay <capture-id> --tab x.com # Replay a captured call
neo exec <url> --method POST --body '{...}' --tab example.com --auto-headers
neo api x.com HomeTimeline # Smart call (schema lookup + auto-auth)
# --- Schema & Analysis ---
neo schema generate x.com # Generate from captures
neo schema generate --all # Batch all domains
neo schema show x.com [--json]
neo schema openapi x.com # Export OpenAPI 3.0 spec
neo schema diff x.com # Changes from previous version
neo schema coverage # Domains with/without schemas
neo label x.com [--dry-run] # Semantic endpoint labels
neo flows x.com [--window 5000] # API call sequence patterns
neo deps x.com [--min-confidence 1] # Response→request data dependencies
neo workflow discover|show|run <name> # Multi-step workflow discovery & replay
neo suggest x.com # AI capability analysis
neo export-skill x.com # Generate agent-ready SKILL.md
# --- UI Automation (v2) ---
neo snapshot [-i] [-C] [--json] # A11y tree with @ref mapping
neo click @ref [--new-tab] # Click element by @ref
neo fill @ref "text" # Clear + fill input
neo type @ref "text" # Append text to input
neo press <key> # Keyboard key (supports Ctrl+a, Enter, etc.)
neo hover @ref # Hover over element
neo scroll <dir> [px] [--selector css] # Scroll by direction
neo select @ref "value" # Set dropdown value
neo screenshot [path] [--full] [--annotate] # Capture screenshot
neo get text @ref | neo get url | neo get title # Extract info
neo wait @ref | neo wait --load networkidle | neo wait <ms> # Wait for element/load/time
# --- Page Interaction ---
neo read github.com # Extract readable text
neo eval "document.title" --tab github.com # Run JS in page
neo open https://example.com # Open URL
# --- Mock & Bridge ---
neo mock x.com [--port 8080 --latency 200] # Mock server from schema
neo bridge [--json] [--interactive] # Real-time WebSocket capture stream
# --- Diagnostics ---
neo doctor # Check Chrome, extension, schemas
neo reload # Reload extension from CLI
neo tabs [filter] # List open Chrome tabs
Neo isn't just for Chrome. Any app with CDP support works — including Electron apps:
# Launch VS Code with CDP and connect
neo launch code --port 9230
neo snapshot # See VS Code's accessibility tree
neo click @14 # Click a menu item
# Or connect to an already-running Electron app
neo connect --electron slack
# Inject Neo's capture script into any CDP target
neo inject --persist # Survives page navigation
neo inject --tab slack # Target specific tab
Sessions are saved automatically. Switch between them with --session:
neo --session vscode snapshot
neo --session chrome api x.com HomeTimeline
Neo v2 adds a full UI interaction layer built on the accessibility tree — no screenshots, no coordinates, no pixel-matching:
# 1. Take a snapshot — each interactive element gets a @ref
neo snapshot
# @1 button "Sign in"
# @2 textbox "Search"
# @3 link "Pricing"
# 2. Interact by @ref
neo click @1
neo fill @2 "AI agents"
neo press Enter
neo screenshot results.png --full
This gives AI agents a fast, semantic way to interact with any UI. Combine with API capture for a dual-channel approach: use APIs when they exist, fall back to UI when they don't.
The bridge creates a persistent WebSocket channel between the extension and CLI. The extension auto-connects to ws://127.0.0.1:9234 and streams every capture in real-time. In interactive mode, you can query the extension directly: ping, status, capture.count, capture.list, capture.domains, capture.search, capture.clear.
┌─────────────────────────────────────┐
│ Chrome / Electron App (CDP) │
│ │
│ inject/interceptor.ts │
│ ├─ Monkey-patches fetch & XHR │
│ ├─ Intercepts WebSocket/SSE │
│ ├─ Tracks DOM triggers (click → │
│ │ API correlation) │
│ └─ Records full request/response │
│ │
│ content/index.ts │
│ └─ Bridges page ↔ extension │
│ │
│ background/index.ts │
│ ├─ Persists to IndexedDB (Dexie) │
│ ├─ Per-domain cap (500 entries) │
│ └─ WebSocket Bridge client │
│ │
└──────────────┬──────────────────────┘
│ Chrome DevTools Protocol
┌──────────────┴──────────────────────┐
│ CLI: neo (Node.js) │
│ │
│ Layer 1: API Capture & Replay │
│ ├─ neo capture → traffic management │
│ ├─ neo schema → API discovery │
│ ├─ neo exec → execute in browser │
│ ├─ neo api → smart schema call │
│ ├─ neo replay → re-run captured │
│ └─ neo flows/deps → pattern analysis│
│ │
│ Layer 2: UI Automation (v2) │
│ ├─ neo snapshot → a11y tree + @refs │
│ ├─ neo click/fill/type/press/hover │
│ ├─ neo scroll/select/screenshot │
│ └─ neo get/wait │
│ │
│ Session Management │
│ ├─ neo connect/launch/discover │
│ ├─ neo tab → target switching │
│ └─ neo inject → script injection │
│ │
└──────────────┬──────────────────────┘
│
┌──────────────┴──────────────────────┐
│ AI Agent (OpenClaw / any LLM) │
│ ├─ API-first: schema → exec/api │
│ ├─ UI fallback: snapshot → click │
│ └─ Dual-channel automation │
└──────────────────────────────────────┘
# 1. Browse X normally — Neo captures GraphQL mutations
neo schema show api.x.com
# 2. Find the CreateTweet endpoint
neo capture search "CreateTweet" --method POST
# 3. Replay with the original auth (cookies inherited automatically)
neo replay abc123 --tab x.com
# 4. Or craft a new call with auto-detected auth headers
neo exec "https://x.com/i/api/graphql/.../CreateTweet" \
--method POST --auto-headers \
--body '{"variables":{"tweet_text":"Hello from Neo!"},...}'
Neo's trigger tracking maps UI interactions to API calls:
neo schema show github.com
# Output includes:
# POST /repos/:owner/:repo/star (3x, 280ms)
# ← click button.js-social-form "Star" (3x)
neo capture watch api.openai.com
# 14:23:01 POST 200 /v1/chat/completions (1230ms)
# 14:23:05 SSE_MSG 200 /v1/chat/completions (0ms) [sse]
neo-capture-v01 database)
The interceptor ignores noise automatically:
Neo runs entirely locally — no external servers, no telemetry, no data leaves your machine.
What Neo captures: Every fetch/XHR/WebSocket call your browser makes on every website. This is powerful but invasive by design.
Auth header redaction (v1.1.0+): Auth header values (Bearer tokens, CSRF tokens, cookies, session IDs) are redacted at capture time before storage. IndexedDB only stores header names, not values. When --auto-headers executes an API call, it fetches live auth headers from the browser in real-time via CDP — never replays stored credentials.
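The sketch below illustrates capture-time header redaction and a pre-share audit of a stored capture. It is an added example, not Neo's own code: the header list, the `[REDACTED]` marker and the capture field names (`requestHeaders`, `responseBody`, ...) are assumptions. It shows that redacting headers by name leaves token-shaped strings inside stored bodies untouched.

```javascript
// Added example, not Neo's code. Header list and capture field names are assumptions.
const SENSITIVE = /^(authorization|proxy-authorization|cookie|set-cookie|x-csrf-token|x-xsrf-token|x-api-key)$/i;
const TOKEN_SHAPES = [
  /\bBearer\s+[A-Za-z0-9._~+\/-]{16,}/, // bearer credential
  /\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}/, // JWT-shaped string
];
const MARK = '[REDACTED]';

// Capture-time redaction: keep the header name, replace the value.
function redactHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    out[name] = SENSITIVE.test(name) ? MARK : value;
  }
  return out;
}

// Pre-share audit: list where credential-like material still sits in one capture.
function auditCapture(capture) {
  const findings = [];
  for (const side of ['requestHeaders', 'responseHeaders']) {
    for (const [name, value] of Object.entries(capture[side] || {})) {
      if (SENSITIVE.test(name) && value !== MARK) findings.push(`${side}.${name}: value present`);
    }
  }
  for (const field of ['url', 'requestBody', 'responseBody']) {
    const raw = capture[field] ?? '';
    const text = typeof raw === 'string' ? raw : JSON.stringify(raw);
    if (TOKEN_SHAPES.some((re) => re.test(text))) findings.push(`${field}: token-shaped string`);
  }
  return findings;
}

// Constructed sample capture (not real traffic).
const sample = {
  url: 'https://app.example.test/api/me',
  requestHeaders: { Authorization: 'Bearer CONSTRUCTED0123456789abcdef', Accept: 'application/json' },
  responseHeaders: { 'Set-Cookie': 'sid=constructed; HttpOnly' },
  responseBody: '{"refresh_token":"eyJhbGciOiJub25l.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJlLWRlbW8"}',
};
const stored = {
  ...sample,
  requestHeaders: redactHeaders(sample.requestHeaders),
  responseHeaders: redactHeaders(sample.responseHeaders),
};
console.log(auditCapture(sample)); // two header findings plus the body finding
console.log(auditCapture(stored)); // only the body finding remains
```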
What you should know:
| Aspect | Detail |
|---|---|
| Capture scope | <all_urls> — Neo sees traffic on every website, including banking, email, medical portals |
| Content script | Runs in MAIN world (shares JS context with pages) to intercept fetch/XHR |
| CDP port | CLI requires Chrome on port 9222 — any local process can connect to this port |
| Response bodies | Stored in IndexedDB (truncated to 100KB) — may contain personal data from API responses |
| Schema files | Store only endpoint structure (paths, header names, response shapes) — no credentials or user data |
| Export | neo capture export redacts auth by default; --include-auth requires explicit opt-in |
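
For the CDP port row above, a defender can audit how a browser or Electron process was launched. The following is an added example, not part of Neo: it parses constructed command lines for Chrome's `--remote-debugging-port`, `--remote-debugging-address`, `--user-data-dir` and `--remote-allow-origins` switches, and the issue wording is this example's own heuristic.

```javascript
// Added example, not part of Neo. Flags are Chrome command-line switches;
// the sample command lines are constructed.
function parseFlags(cmdline) {
  const flags = {};
  for (const m of cmdline.matchAll(/(?:^|\s)--([a-z-]+)(?:=("[^"]*"|\S+))?/g)) {
    flags[m[1]] = m[2] === undefined ? true : m[2].replace(/^"|"$/g, '');
  }
  return flags;
}

// Returns whether CDP is enabled and which launch choices widen its exposure.
function auditCdp(cmdline) {
  const f = parseFlags(cmdline);
  const port = f['remote-debugging-port'];
  if (port === undefined) return { cdp: false, issues: [] };
  const issues = [];
  const addr = f['remote-debugging-address'];
  if (typeof addr === 'string' && !['127.0.0.1', 'localhost', '::1'].includes(addr)) {
    issues.push(`CDP bound to ${addr}: reachable from other hosts`);
  }
  if (!f['user-data-dir']) {
    issues.push('no --user-data-dir: CDP is attached to the everyday profile and its sessions');
  }
  if (f['remote-allow-origins'] === '*') {
    issues.push('--remote-allow-origins=*: any web origin may open the CDP WebSocket');
  }
  return { cdp: true, port: Number(port), issues };
}

// Constructed command lines, e.g. as read from a process listing.
const SAMPLES = [
  'chrome --remote-debugging-port=9222',
  'chrome --headless --remote-debugging-port=9222 --remote-debugging-address=0.0.0.0 ' +
    '--user-data-dir=/tmp/neo-profile --remote-allow-origins=*',
  'chrome --user-data-dir=/tmp/neo-profile --remote-debugging-port=9222',
  'chrome --incognito',
];
for (const s of SAMPLES) console.log(auditCdp(s));
```

Even with no issues reported, a loopback-bound CDP port remains open to every local process, as the table states.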
Recommendations:
neo capture domains
neo capture clear banksite.com
Neo is a developer tool that trades privacy surface for capability. Use it knowingly.
neo CLI with subcommands
neo replay <id> re-executes captured calls
neo api with schema lookup + auto-auth
neo flows discovers API call sequences
neo deps finds response→request data flow
neo doctor for setup verification
neo export-skill generates SKILL.md
neo mock generates local HTTP server from schema
--all)
neo label)
neo workflow)
neo connect, neo sessions, --session flag
neo launch, neo connect --electron
neo tab list/switch targets
neo inject with --persist and --tab
snapshot, click, fill, type, press, hover, scroll, select, screenshot, get, wait
MIT
FAQs
Turn any website into an AI-callable API. Passive traffic capture, API schema generation, and execution.
The npm package @4ier/neo receives a total of 14 weekly downloads. As such, @4ier/neo popularity was classified as not popular.
We found that @4ier/neo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.