How AI Agents Automate Travel Booking with browse.sh
How browse.sh by Browserbase turns any travel site into an agent-callable skill — the fetch, api, and browser methods, anti-bot handling, and a registry that tracks breakage.
The travel industry runs on data that almost nobody is allowed to query. Google Flights has no public consumer API. Southwest refuses to syndicate its fares to any third party, so southwest.com is the only place those four-bucket prices exist. Booking.com, Expedia, Kayak, and Priceline all guard their inventory behind aggressive bot protection. For decades the only way to integrate with these sites was an expensive partner agreement or a fragile scraper that broke every time a CSS class changed.
A different approach has quietly become viable: point an AI agent at the real website and let it behave like a person. That is the idea behind browse.sh, the open skill catalog from Browserbase. Each browse.sh skill is a recipe for driving one travel site autonomously — navigating, filling forms, reading results — and 26 of those travel skills now live in the aiskill.market Travel category. This piece explains how that mechanism actually works, why it beats both APIs and scrapers for this problem, and how the registry handles the inevitable: sites that change or go dark.
Key Takeaways
- There are 26 browse.sh travel skills on aiskill.market, each one driving a real travel site — from Google Flights at 306 installs down to single-digit niche sites — through an AI agent rather than an API.
- Skills use three methods in increasing order of cost: a plain
fetch, a reverse-engineeredapicall, or a fullbrowsersession. The cheapest method that works wins. - Anti-bot is the core engineering problem. Skills name the exact protection they face — Akamai, PerimeterX, Cloudflare, DataDome, AWS WAF — and use managed stealth sessions and proxies to read results without tripping the challenge.
- The registry tracks breakage as first-class metadata. When SeatGuru went offline in November 2025, its skill was not deleted — it became a documented dead-end that routes callers to working alternatives.
- Read-only by default. The travel skills shop, compare, and extract; most stop before any payment step, so the agent never books without explicit human confirmation.
The Core Idea: A Browser That Thinks
A traditional scraper is a static script. It knows that the price lives in div.result-price__amount and breaks the moment that class is renamed. It cannot solve a CAPTCHA, cannot drag a slider, cannot recover when the layout shifts. Maintaining a fleet of scrapers across dozens of travel sites is a full-time treadmill of repairs.
An AI agent driving a browser is different in kind. It loads the page, understands what it is looking at, fills in the origin and destination, picks the dates, submits the search, waits for results to render, and reads them — adapting to the layout it actually finds rather than the one a script assumed. When Booking.com moves a filter, the agent finds the filter. When a site gates its data behind a range slider, as the Beno yacht skill does, the agent operates the slider. This is why the same approach scales from Google Flights down to a one-off Dubai yacht catalog: the agent is not hard-coded to any one site's DOM.
Browserbase provides the managed-browser infrastructure underneath — real Chrome sessions in the cloud with realistic fingerprints, proxy rotation, and stealth handling. browse.sh is the open catalog of skills built on top of it. Each skill is the distilled, tested recipe for one site: how to reach the data, which method to use, what anti-bot wall to expect, and what JSON shape to return.
The Three Methods: fetch, api, browser
Not every site needs a full browser. Spinning up a real Chrome session is the most expensive and slowest option, so a well-built skill uses the lightest method that reliably works.
| Method | What it does | Cost / speed | When skills use it |
|---|---|---|---|
fetch | Plain HTTP request, parse the response | Cheapest, fastest | Public deep-links and SSR data blobs (e.g. Google Flights tfs deep-link, Airbnb's embedded GraphQL JSON) |
api | Call a reverse-engineered internal endpoint | Cheap, fast | Documented internal APIs (e.g. Trainline's locations-search endpoint for URN resolution) |
browser | Full managed browser, agent drives the UI | Most expensive | Hard anti-bot, interactive controls, or no usable endpoint (e.g. Cruise Critic stealth session, Beno slider) |
Many of the strongest skills are hybrids. The Trainline skill uses a clean public api call to resolve station codes, then switches to a stealth browser deep-link to read results — cheapest method for the easy half, full browser only where DataDome forces it. The Google Flights skill leans almost entirely on a fetch against a tfs deep-link, which is why it is fast enough to have racked up 306 installs. The art is matching method to site, and that judgment is exactly what the skill encodes.
Anti-Bot Is the Real Engineering
The reason these skills are valuable — and the reason a naive scraper fails — is that every serious travel site runs commercial bot protection. The browse.sh skills treat this as a named, first-class concern. Look across the catalog and you see the walls labeled explicitly: Akamai (Expedia, United, American, Southwest, Costco Travel), PerimeterX (Airbnb, Skyscanner, Priceline), Cloudflare (Sixt, Wanderboat), DataDome (Cruise Critic, Trainline), and AWS WAF (Booking.com).
Handling each is a specific decision baked into the skill. The Priceline deal finder avoids PerimeterX's "Press & Hold" challenge entirely by reading the homepage deal blocks instead of submitting the search form, because the challenge only fires on submit. The Cruise Critic skill leads with a Browserbase stealth session to clear DataDome, then uses the per-review Next.js data endpoint as an enrichment shortcut once it is past the wall. Managed stealth sessions and rotating proxies make the agent's traffic look like ordinary visitor traffic — which it essentially is, since it is a real browser rendering a real page.
What Breaks, and How the Registry Tracks It
Driving live sites means living with the reality that live sites change. The honest measure of a skill registry is not how it behaves when everything works — it is how it behaves when a site goes dark. The browse.sh travel catalog treats breakage as data, not as something to hide.
The clearest example is SeatGuru. TripAdvisor shut SeatGuru.com down on or around 4 November 2025. The homepage now serves a static migration notice and every deep URL returns a 301 redirect to tripadvisor.com from a CloudFront edge function. The skill was not silently deleted. It was rewritten into a documented dead-end: it records exactly what happened, explains the wall, and routes callers to the working alternatives — aerolopa.com, seatlink.com, flightseatmap.com, and seatmaps.com. An agent that calls it gets a useful redirect instead of a confusing failure.
The same pattern covers tools that degrade rather than vanish. The TSA wait-time skill documents that TSA deprecated its public web wait-time tool back in 2023, and points callers to the MyTSA mobile app and third-party trackers instead of pretending the data is still reachable — a documented dead-end that saves an agent the whole loop of trying to scrape a tool that no longer exists. The Costco Travel skill goes a step further: its form-fill flow and public airport-autocomplete API work, but the search-submit endpoint is currently blocked by Akamai for automated sessions, so it ships as a partial, candidate skill, labeled as such. Recording these states is what keeps the catalog trustworthy — a verified working skill, a partial skill, and a documented dead-end are all different, and the registry says which is which.
Why This Matters for the Travel Industry
The implication is larger than any one trip. If any travel site can be turned into an agent-callable skill — with the right anti-bot handling, the cheapest viable method, and honest metadata about whether it currently works — then the integration moat that came from owning an API partnership erodes. Fare data that Southwest refuses to syndicate is still readable from southwest.com by an agent that behaves like a customer. The 26 travel skills on aiskill.market are an early map of that shift, spanning flights, hotels, trains, cars, cruises, and the long tail.
For the practitioner, the takeaway is simpler. These are free, read-only skills you can install and call today. Start with the full 26-skill travel automation guide, drill into flights with the Google Flights, Kayak, and Skyscanner comparison, or explore the long tail with the campsite, yacht, and vegan itinerary skills — every one of them built on the browser-automation foundation described here. For background on the infrastructure layer itself, see browse.sh and Browserbase.
Frequently Asked Questions
What is browse.sh and how does it relate to Browserbase?
browse.sh is an open catalog of browser-automation skills published by Browserbase. Browserbase provides the underlying managed-browser infrastructure — real cloud Chrome sessions with realistic fingerprints, proxy rotation, and stealth handling — and browse.sh is the library of tested recipes built on top of it, each one teaching an AI agent how to drive a specific website. Twenty-six of its travel skills are now listed in the aiskill.market Travel category.
How do AI agents read travel sites that have no public API?
They drive the real website the way a person would. The agent loads the page, fills in the search form, submits it, waits for results to render, and reads them, adapting to the actual layout instead of relying on a fixed scraping pattern. For sites that do expose a usable internal endpoint, a skill will use a lighter fetch or api method first and fall back to a full browser only when necessary.
What are the fetch, api, and browser methods?
They are three ways a skill can reach a site's data, from cheapest to most expensive. fetch is a plain HTTP request against a public deep-link or embedded data blob. api calls a reverse-engineered internal endpoint. browser spins up a full managed browser session so the agent can drive the UI directly. A good skill uses the lightest method that reliably works, and many are hybrids that combine them.
How do these skills get past anti-bot protection like Akamai or PerimeterX?
Each skill names the specific protection it faces and handles it deliberately. The general approach is a managed stealth browser session with realistic fingerprinting and rotating proxies, so the agent's traffic looks like ordinary visitor traffic. Some skills also choose a path that avoids the challenge entirely — the Priceline skill reads homepage deal blocks rather than submitting the form that triggers PerimeterX.
What happens when a travel site goes offline or changes?
The registry tracks it as metadata rather than hiding it. When SeatGuru was shut down in November 2025, its skill was rewritten into a documented dead-end that explains the shutdown and routes callers to working seat-map alternatives. Deprecated tools like the TSA wait-time site and partially blocked ones like Costco Travel are labeled accurately too, so an agent always knows whether a skill is verified working, partial, or a dead-end.
Explore production-ready AI skills at aiskill.market/browse or submit your own skill to the marketplace.