by 安全扫描
OpenClaw
安全
high confidenceThe skill's files and instructions match its stated purpose (opening a URL in the macOS default browser) and there are no disproportionate permissions, installs, or hidden behaviors.
评估建议
This skill appears to do only what it says: open a provided URL in your macOS default browser. Before installing, consider: (1) the agent (if allowed autonomous invocation) could open URLs automatically — only enable autonomous use if you trust the agent's behavior; (2) opening untrusted URLs can expose you to phishing/malicious pages, so only pass trusted URLs or names; (3) minor documentation inconsistencies exist (return value vs. docs) and skill.json version differs from other files, but the...详细分析 ▾
✓ 用途与能力
Name/description (macOS browser automation to open URLs) align with the included code and skill.json entry point. The Python script uses the standard library webbrowser module to open URLs in the default browser, which is consistent with the stated functionality.
ℹ 指令范围
SKILL.md and the code are largely consistent, but SKILL.md initially states the function returns no value while open_website() actually returns a JSON-like dict and prints it when run as __main__. This is a minor documentation mismatch but not a security concern. The instructions do not ask the agent to read files, env vars, or exfiltrate data; they only open a URL in the browser.
✓ 安装机制
There is no install specification and no external downloads. The skill is instruction-only with a single local Python file that uses only standard-library modules, which is low risk.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. The declared dependencies are standard-library modules (webbrowser, sys, re) and do not require secrets or external service access.
✓ 持久化与权限
always is false and the skill does not request any special persistent privileges or modify other skills. It can be invoked by the agent, which is the normal behavior; note that autonomous invocation would allow it to open URLs without the user's manual trigger.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv0.1.42026/3/6
- Added new skill.json file for better skill metadata management.
● 无害
安装命令 点击复制
官方npx clawhub@latest install strike163163-my-browser-control
镜像加速npx clawhub@latest install strike163163-my-browser-control --registry https://cn.clawhub-mirror.com
技能文档
本工具专为macOS用户开发,核心功能是通过Python脚本自动打开指定网址,无需手动输入网址或点击浏览器。
核心功能说明
1. 一键打开网址功能
- 函数名:
open_website - 入参:
url(字符串类型,必填,例如:"https://www.baidu.com") - 返回值:无(直接触发浏览器打开操作)
- 实际代码(来自open_website.py):
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制