by 安全扫描
OpenClaw
可疑
medium confidenceThe skill's commands and requirements match a browser-automation CLI, but inconsistent upstream/source references and instructions to install a global npm package without a clear, verifiable source make the package footprint unclear and worth caution.
评估建议
This skill appears to be a normal browser-automation wrapper, but do not blindly run the recommended global npm install or git clone without verifying the upstream package/repository. Before installing or running it: 1) confirm the exact npm package owner and inspect the package on npm (who published it, version, and files); 2) verify the authoritative GitHub repo (the SKILL.md and README reference different orgs); 3) prefer running in an isolated environment (container/VM) until you trust the p...详细分析 ▾
✓ 用途与能力
Name/description (headless browser CLI) align with the SKILL.md commands and required binaries (node, npm). Requiring node/npm is reasonable for an npm-published CLI fallback; the Rust-based source path is optional and reasonable as an alternative build path.
ℹ 指令范围
SKILL.md stays within browser automation scope (open, snapshot, click, fill, upload, screenshot, record). It does not instruct reading unrelated host config or secrets, but it does include commands that interact with local files (upload <file>, screenshot output to file) and preserves cookies/storage — expected for a browser tool but a potential data-exfil/exposure vector if misused. The skill allows navigating arbitrary URLs, which can access internal resources if the agent runs in a privileged environment.
⚠ 安装机制
This is instruction-only (no install spec), which reduces automatic install risk, but SKILL.md recommends 'npm install -g agent-browser' and also gives two differing source repos (git clone https://github.com/vercel-labs/agent-browser in SKILL.md vs README suggesting https://github.com/openclaw/agent-browser and elsewhere 'agent-browser' npm). The lack of a single authoritative source and the recommendation to perform a global npm install are inconsistent and increase risk — you should verify the exact npm package and repository before installing.
ℹ 凭证需求
The skill declares no environment variables or credentials (appropriate). However, runtime commands can read/write local files (upload, screenshot, record), preserve cookies/storage, and set HTTP basic auth via commands — all legitimate for a browser tool but potentially sensitive if the agent is given access to private files, cookies, or internal sites.
✓ 持久化与权限
Skill does not request always:true and has no install-time hooks or claimed persistent system changes. It's user-invocable and allows autonomous model invocation (platform default) — not a unique escalation of privilege.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/30
Initial release
● Pending
安装命令 点击复制
官方npx clawhub@latest install agent-browser-tool
镜像加速npx clawhub@latest install agent-browser-tool --registry https://cn.clawhub-mirror.com
技能文档
# Browser Automation with agent-browser
Installation
npm recommended
``bash
npm install -g agent-browser
agent-browser install
agent-browser install --with-deps
`
From Source
`bash
git clone https://github.com/vercel-labs/agent-browser
cd agent-browser
pnpm install
pnpm build
agent-browser install
`
Quick start
`bash
agent-browser open # Navigate to page
agent-browser snapshot -i # Get interactive elements with refs
agent-browser click @e1 # Click element by ref
agent-browser fill @e2 "text" # Fill input by ref
agent-browser close # Close browser
`
Core workflow
- Navigate:
agent-browser open
Snapshot: agent-browser snapshot -i (returns elements with refs like @e1, @e2)
Interact using refs from the snapshot
Re-snapshot after navigation or significant DOM changes
Commands
Navigation
`bash
agent-browser open # Navigate to URL
agent-browser back # Go back
agent-browser forward # Go forward
agent-browser reload # Reload page
agent-browser close # Close browser
`
Snapshot (page analysis)
`bash
agent-browser snapshot # Full accessibility tree
agent-browser snapshot -i # Interactive elements only (recommended)
agent-browser snapshot -c # Compact output
agent-browser snapshot -d 3 # Limit depth to 3
agent-browser snapshot -s "#main" # Scope to CSS selector
`
Interactions (use @refs from snapshot)
`bash
agent-browser click @e1 # Click
agent-browser dblclick @e1 # Double-click
agent-browser focus @e1 # Focus element
agent-browser fill @e2 "text" # Clear and type
agent-browser type @e2 "text" # Type without clearing
agent-browser press Enter # Press key
agent-browser press Control+a # Key combination
agent-browser keydown Shift # Hold key down
agent-browser keyup Shift # Release key
agent-browser hover @e1 # Hover
agent-browser check @e1 # Check checkbox
agent-browser uncheck @e1 # Uncheck checkbox
agent-browser select @e1 "value" # Select dropdown
agent-browser scroll down 500 # Scroll page
agent-browser scrollintoview @e1 # Scroll element into view
agent-browser drag @e1 @e2 # Drag and drop
agent-browser upload @e1 file.pdf # Upload files
`
Get information
`bash
agent-browser get text @e1 # Get element text
agent-browser get html @e1 # Get innerHTML
agent-browser get value @e1 # Get input value
agent-browser get attr @e1 href # Get attribute
agent-browser get title # Get page title
agent-browser get url # Get current URL
agent-browser get count ".item" # Count matching elements
agent-browser get box @e1 # Get bounding box
`
Check state
`bash
agent-browser is visible @e1 # Check if visible
agent-browser is enabled @e1 # Check if enabled
agent-browser is checked @e1 # Check if checked
`
Screenshots & PDF
`bash
agent-browser screenshot # Screenshot to stdout
agent-browser screenshot path.png # Save to file
agent-browser screenshot --full # Full page
agent-browser pdf output.pdf # Save as PDF
`
Video recording
`bash
agent-browser record start ./demo.webm # Start recording (uses current URL + state)
agent-browser click @e1 # Perform actions
agent-browser record stop # Stop and save video
agent-browser record restart ./take2.webm # Stop current + start new recording
`
Recording creates a fresh context but preserves cookies/storage from your session. If no URL is provided, it automatically returns to your current page. For smooth demos, explore first, then start recording.
Wait
`bash
agent-browser wait @e1 # Wait for element
agent-browser wait 2000 # Wait milliseconds
agent-browser wait --text "Success" # Wait for text
agent-browser wait --url "/dashboard" # Wait for URL pattern
agent-browser wait --load networkidle # Wait for network idle
agent-browser wait --fn "window.ready" # Wait for JS condition
`
Mouse control
`bash
agent-browser mouse move 100 200 # Move mouse
agent-browser mouse down left # Press button
agent-browser mouse up left # Release button
agent-browser mouse wheel 100 # Scroll wheel
`
Semantic locators (alternative to refs)
`bash
agent-browser find role button click --name "Submit"
agent-browser find text "Sign In" click
agent-browser find label "Email" fill "user@test.com"
agent-browser find first ".item" click
agent-browser find nth 2 "a" text
`
Browser settings
`bash
agent-browser set viewport 1920 1080 # Set viewport size
agent-browser set device "iPhone 14" # Emulate device
agent-browser set geo 37.7749 -122.4194 # Set geolocation
agent-browser set offline on # Toggle offline mode
agent-browser set headers '{"X-Key":"v"}' # Extra HTTP headers
agent-browser set credentials user pass # HTTP basic auth
agent-browser set media dark # Emulate color scheme
`
Cookies & Storage
`bash
agent-browser cookies # Get all cookies
agent-browser cookies set name value # Set cookie
agent-browser cookies clear # Clear cookies
agent-browser storage local # Get all localStorage
agent-browser storage local key # Get specific key
agent-browser storage local set k v # Set value
agent-browser storage local clear # Clear all
`
Network
`bash
agent-browser network route # Intercept requests
agent-browser network route --abort # Block requests
agent-browser network route --body '{}' # Mock response
agent-browser network unroute [url] # Remove routes
agent-browser network requests # View tracked requests
agent-browser network requests --filter api # Filter requests
`
Tabs & Windows
`bash
agent-browser tab # List tabs
agent-browser tab new [url] # New tab
agent-browser tab 2 # Switch to tab
agent-browser tab close # Close tab
agent-browser window new # New window
`
Frames
`bash
agent-browser frame "#iframe" # Switch to iframe
agent-browser frame main # Back to main frame
`
Dialogs
`bash
agent-browser dialog accept [text] # Accept dialog
agent-browser dialog dismiss # Dismiss dialog
`
JavaScript
`bash
agent-browser eval "document.title" # Run JavaScript
`
State management
`bash
agent-browser state save auth.json # Save session state
agent-browser state load auth.json # Load saved state
`
Example: Form submission
`bash
agent-browser open https://example.com/form
agent-browser snapshot -i
# Output shows: textbox "Email" [ref=e1], textbox "Password" [ref=e2], button "Submit" [ref=e3]
agent-browser fill @e1 "user@example.com"
agent-browser fill @e2 "password123"
agent-browser click @e3
agent-browser wait --load networkidle
agent-browser snapshot -i # Check result
`
Example: Authentication with saved state
`bash
# Login once
agent-browser open https://app.example.com/login
agent-browser snapshot -i
agent-browser fill @e1 "username"
agent-browser fill @e2 "password"
agent-browser click @e3
agent-browser wait --url "/dashboard"
agent-browser state save auth.json
# Later sessions: load saved state
agent-browser state load auth.json
agent-browser open https://app.example.com/dashboard
`
Sessions (parallel browsers)
`bash
agent-browser --session test1 open site-a.com
agent-browser --session test2 open site-b.com
agent-browser session list
`
JSON output (for parsing)
Add --json for machine-readable output:
`bash
agent-browser snapshot -i --json
agent-browser get text @e1 --json
`
Debugging
`bash
agent-browser open example.com --headed # Show browser window
agent-browser console # View console messages
agent-browser console --clear # Clear console
agent-browser errors # View page errors
agent-browser errors --clear # Clear errors
agent-browser highlight @e1 # Highlight element
agent-browser trace start # Start recording trace
agent-browser trace stop trace.zip # Stop and save trace
agent-browser record start ./debug.webm # Record from current page
agent-browser record stop # Save recording
agent-browser --cdp 9222 snapshot # Connect via CDP
``
Troubleshooting
- If the command is not found on Linux ARM64, use the full path in the bin folder.
- If an element is not found, use snapshot to find the correct ref.
- If the page is not loaded, add a wait command after navigation.
- Use --headed to see the browser window for debugging.
Options
- --session
uses an isolated session. - --json provides JSON output.
- --full takes a full page screenshot.
- --headed shows the browser window.
- --timeout sets the command timeout in milliseconds.
- --cdp
connects via Chrome DevTools Protocol.
Notes
- Refs are stable per page load but change on navigation.
- Always snapshot after navigation to get new refs.
- Use fill instead of type for input fields to ensure existing text is cleared.
Reporting Issues
- Skill issues: Open an issue at https://github.com/TheSethRose/Agent-Browser-CLI
- agent-browser CLI issues: Open an issue at https://github.com/vercel-labs/agent-browser
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制