Skill

behavioral-anti-detection

automationai-agentspatternbreakthrough
Trigger

User is building automation that interacts with services that have bot detection

Version: 260420

Changelog

260420: multiple edits

  • v_migrate: Changelog migrated from table to YYMMDD H3 format per versioning-standard rule 2 (V1.6 of skills upgrade plan)
  • v6: Added license, sources, skill_path per V6.1/V6.2 of skills upgrade plan.
  • v1.5: Added ## Quality Checks section per V1.5 of ~/vault/plans/2026-04-20-vault-skills-upgrade-plan.md

260403: Added Visual Enrichment section + self-improving-agent-patterns cross-reference

260331: Initial creation

Description

Use this when building automation that interacts with bot-detection-enabled services. It solves the fundamental insight that behavioral detection fires before code detection: LinkedIn and other platforms flag accounts based on timing patterns and interaction behavior, not DOM manipulation technique. Cleaning up your code does nothing if your delays are uniform and your cursor never moves.

The pattern assembles six layers that work together. Gaussian timing replaces uniform random delays: every pause uses mean ± stddev so the distribution looks human. Reading simulation adds 20-40 second dwell time per page with scroll-pause-scroll patterns before any action. Bezier mouse movement follows natural curves to hover targets before clicking. Session pacing spaces submissions 8 minutes apart (±3 min gaussian), caps at 10 per session, enforces 3-hour session max and 2-hour breaks between sessions. Dead code removal strips detectable automation patterns from DOM interaction code. Safety rails auto-pause when the threshold is hit (3 submissions in 30 minutes): this is correct behavior, not a bug.

The result of applying all six layers in projects/jobs-apply/_index: account unrestricted since 2026-03-26 after a restriction on 2026-03-25. Run 7 achieved 83% session success, Run 10 hit 100%. The LinkedIn remediation went through 10 iterations; this skill codifies what survived.

Interface

Trigger: Building any browser automation that interacts with bot-detection-enabled services.

Inputs:

  • target_service: which platform (timing profiles vary by service; LinkedIn requires stricter pacing than Greenhouse)
  • action_type: what the automation does (form fill, search, navigation: each needs its own timing profile)
  • rate_limit: maximum acceptable actions per time window (hard ceiling, never approach it)

Outputs:

  • timing_config: gaussian delay parameters (mean, stddev, min, max) for each action type in milliseconds
  • behavioral_profile: reading simulation config, mouse movement path type, scroll pattern
  • safety_rails: auto-pause threshold, daily limit, session max, quiet hours window

Provenance

Developed through 10 iterations of the LinkedIn remediation plan after a behavioral restriction on 2026-03-25. Six layers deployed progressively: Iterations 1-2 added gaussian timing; Iteration 3 added reading simulation; Iteration 4 added Bezier mouse movement; Iterations 5-6 added session pacing and dead-code removal. Full history: experiments/jobs-apply/2026-03-25-linkedin-anti-detection-suite.

Pitfall that forced this pattern: topics/pitfalls/linkedin-behavioral-detection: “uniform random timing is detectable even when code is clean.” Related skill: skills/multi-platform-form-filling (the form-filling layer that this skill wraps).

Usage Notes

  • Gaussian everything. Math.random() * 1000 is detectable. gaussianRandom(500, 150) is not. Apply to every delay: between keystrokes, before clicks, after page loads, between submissions.
  • Reading simulation is the highest-signal layer. Skipping it is the single fastest way to trigger restrictions. The 20-40 second dwell time is not optional.
  • The safety rail (auto-pause after 3 submissions in 30 minutes) is intentional. Hitting it means the session is pacing correctly.
  • Quiet hours (23:00-07
    ) are non-negotiable. Automation running at 2am is a pattern, not just a rate.
  • Max 10-12 submissions per day across all sessions. Volume triggers detection independent of timing quality.
  • One retry maximum. Multiple rapid retries on failure are more detectable than the original failure.

Quality Checks

  1. Gaussian timing distribution. Session-log inter-action delays should fit a Gaussian with mean/stddev per persona profile. Deterministic patterns leak automation signatures: verify via Rscript Shapiro-Wilk test on a sample session.
  2. Session personality consistency. Same profile across runs produces similar cadence (within 1σ). Wild variance between runs suggests the personality layer isn’t being seeded.
  3. Shannon entropy of inter-action delays > 3.0 bits. Low entropy = predictable = detectable.
  4. Headers/user-agents rotate per session. curl-impersonate fingerprint hash should change session-to-session; fixed fingerprint is a detection vector.
  5. CAPTCHA handling logged, not silently bypassed. Any CAPTCHA hit writes a captcha_seen event; silent retries hide detection signal.
  6. No deterministic keystroke patterns. Verify typing delays aren’t constant multiples of 100ms: that’s a tell.

Visual Enrichment

When this skill produces output that benefits from visualization:

Finding TypeToolSpecification
Gaussian timing distributionsR viz (skills/r-visualization-pipeline)Family: DST, Template: Journal
Session success rate over timeR viz (skills/r-visualization-pipeline)Family: TS, Template: Journal
Anti-detection layer stackFigma MCP (generate_diagram)Type: Sequence diagram

See topics/visual-output-routing for the full routing decision framework.

Self-improvement context: This skill relates to Pattern 3 (Metric Ratchet) from skills/self-improving-agent-patterns. Session success rate was ratcheted across 10 runs.