Security scan
OpenClaw
Suspicious
Medium confidence. The skill's code and instructions largely match its stated purpose (local Chrome automation), but it includes powerful, potentially intrusive capabilities (input locking, network/console inspection, coordinate-driven logins) and relies on an undeclared CDP endpoint environment variable. These merit caution before installing it or enabling autonomous use.
Assessment recommendations
This skill is functionally coherent for browser automation, but it contains high-impact actions you should be aware of before installing or enabling automatic use. Specific points to consider:
- Review the Python script yourself before running; it will connect to a Chrome DevTools (CDP) endpoint and drive your existing Chrome instance.
- The script reads the DOM and lists network requests and console logs; these can disclose sensitive data (tokens, cookies, secrets embedded in pages). Avoid running on...
Detailed analysis
✓ Purpose and capabilities
Name/description match the delivered artifacts: SKILL.md, README, API docs and scripts/browser.py implement navigation, screenshot, interact, scrape, debug, test and record via CDP/Playwright. The Playwright CLI adapter is a coherent implementation of the claimed capability.
⚠ Instruction scope
Runtime instructions and the included script direct the agent to read the full DOM, capture screenshots, list network requests, capture console logs, click and type (including login flows), and lock user input with a full-screen overlay. These behaviours go beyond passive observation: they permit active interaction with, and inspection of, arbitrary websites and can capture sensitive in-page data. The code also references environment variables and skill-directory paths (e.g. BROWSER_CDP_ENDPOINT, CLAUDE_SKILL_DIR) that are not declared in the skill metadata.
ℹ Install mechanism
No install spec in the registry (instruction-only skill plus one Python script). The script requires the user to run 'pip install playwright' themselves; nothing is fetched automatically during installation. This lowers supply-chain risk, but it means runtime dependency installation and execution are manual and must be audited by the user (pinning the Playwright version you install is the obvious first check).
⚠ Credential requirements
The manifest lists no required env vars, but the code uses BROWSER_CDP_ENDPOINT (defaulting to http://localhost:9222) and the documentation references CLAUDE_SKILL_DIR. Allowing the CDP endpoint to be set by an environment variable means the skill can be pointed at an arbitrary CDP host (including a remote one) without that being declared. Additionally, network/console inspection via CDP can expose sensitive tokens or page-injected secrets. The skill does not request credentials itself, but its instructions (and the 'interact' skill) explicitly describe performing login flows, which could cause credentials to be entered or captured.
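The two findings above (an undeclared endpoint variable, and captured traffic that can carry secrets) each have a cheap guard rail. The Python below is an added example, not code from browser-automation-skills or scripts/browser.py: it refuses a BROWSER_CDP_ENDPOINT that does not point at a loopback address, and masks bearer tokens, JWT-shaped strings, credential query parameters and sensitive headers in captured request records and console lines before they are handed back to the agent. The record layout (url/headers/postData dicts), the header and parameter name lists, and the sample capture are constructed assumptions; only the default endpoint and variable name come from the scan. It uses the standard library only, so it runs without Playwright.

```python
"""Guard rails for a CDP-driven automation script (added example, not part
of browser-automation-skills):

1. resolve_cdp_endpoint(): honour BROWSER_CDP_ENDPOINT (default
   http://localhost:9222 per the scan) but refuse anything that is not a
   loopback host, so the undeclared variable cannot silently redirect the
   session to a remote DevTools host.
2. redact_request()/redact_console(): mask credentials in captured network
   records and console lines before they reach the agent.

Record layout, header/parameter names and sample data are assumptions.
"""
import ipaddress
import os
import re
from urllib.parse import urlsplit

DEFAULT_ENDPOINT = "http://localhost:9222"

# Headers whose whole value is secret (compared case-insensitively).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
# Query parameters that typically carry credentials (assumed list).
SENSITIVE_QUERY = re.compile(
    r"(?i)([?&](?:access_token|id_token|refresh_token|token|api_key|apikey"
    r"|key|session|sig|signature)=)[^&#]*")
BEARER_LIKE = re.compile(r"(?i)\b(bearer\s+)[A-Za-z0-9._~+/=-]+")
JWT_LIKE = re.compile(
    r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b")


def _is_loopback(host: str) -> bool:
    """True for 'localhost' or a literal loopback IP (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name such as cdp.example, not an IP literal
        return False


def endpoint_allowed(raw: str) -> bool:
    """Allow only http(s)/ws(s) URLs on a loopback host with no userinfo."""
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https", "ws", "wss"):
        return False
    if parts.username or parts.password:
        return False
    return _is_loopback(parts.hostname or "")


def resolve_cdp_endpoint(env=None) -> str:
    """Read BROWSER_CDP_ENDPOINT (or the default) and refuse non-local targets.

    Refusing rather than warning is deliberate: the concern is that the
    undeclared variable can point the whole session at a remote host.
    """
    env = os.environ if env is None else env
    raw = env.get("BROWSER_CDP_ENDPOINT", DEFAULT_ENDPOINT)
    if not endpoint_allowed(raw):
        raise ValueError(f"refusing non-loopback CDP endpoint: {raw!r}")
    return raw


def redact_text(text: str) -> str:
    """Mask bearer tokens, JWT-shaped strings and credential query params."""
    text = BEARER_LIKE.sub(r"\1[REDACTED]", text)
    text = JWT_LIKE.sub("[REDACTED_JWT]", text)
    return SENSITIVE_QUERY.sub(r"\1[REDACTED]", text)


def redact_request(req: dict) -> dict:
    """Return a masked copy of a captured request {url, headers, postData}."""
    out = dict(req)
    out["url"] = redact_text(req.get("url", ""))
    out["headers"] = {
        name: "[REDACTED]" if name.lower() in SENSITIVE_HEADERS
        else redact_text(value)
        for name, value in req.get("headers", {}).items()
    }
    body = req.get("postData")
    out["postData"] = None if body is None else redact_text(body)
    return out


def redact_console(lines) -> list:
    """Mask secrets that pages log to the console."""
    return [redact_text(line) for line in lines]


# Constructed sample capture; not taken from any real site.
SAMPLE_REQUESTS = [
    {"url": "https://app.example/api/me?access_token=abc123&v=2",
     "headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9."
                                  "eyJzdWIiOiIxIn0.c2lnbmF0dXJlX3BhcnQ",
                 "Accept": "application/json"},
     "postData": None},
]
SAMPLE_CONSOLE = [
    "token refreshed: Bearer Zm9vYmFy",
    "session eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJlX3BhcnQ ok",
    "page loaded in 120ms",
]

if __name__ == "__main__":
    print("CDP endpoint:", resolve_cdp_endpoint())
    for req in SAMPLE_REQUESTS:
        print(redact_request(req))
    print(redact_console(SAMPLE_CONSOLE))
```

Redaction is applied to a copy, so the raw capture can still be kept on disk under your own control; what changes is that the agent's context (and any transcript it persists) never sees the live token. The endpoint check fails closed on DNS names even when they would resolve to 127.0.0.1, which is the conservative choice for an undeclared setting.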
⚠ Persistence and permissions
always: false (good) and autonomous invocation allowed (normal). Combined, however, with the skill's ability to lock user input, persist CLI session state, inspect network/console data and perform multi-step interactions, autonomous execution increases the potential for undesired or surprising actions. The 'lock' feature (injecting an overlay to block user input) is especially intrusive and enlarges the blast radius if the skill is invoked without careful controls.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies (registry field; the bundled script itself expects Playwright to be installed by hand, as noted above)
Version
latest: v1.0.0 (2026/3/18)
Initial release of browser-automation-skills:
- Introduces a skill pack for browser automation with Google Chrome.
- Enables navigation, screenshots, interaction, scraping, debugging, automated testing, and session recording.
- Provides both a built-in subagent and a Playwright CLI script for flexibility.
- Features a visual overlay to lock/unlock browser input during automation.
- Includes multilingual documentation (English and Chinese).
● Suspicious
Install command
Official: npx clawhub@latest install browser-automation-skills
Mirror (accelerated): npx clawhub@latest install browser-automation-skills --registry https://cn.clawhub-mirror.com
Data source: ClawHub · Chinese localization: 龙虾技能库
OpenClaw skill customization / plugin customization / private workflow customization
Free skills or plugins may carry security risks; if you need a better-matched and more secure solution, consider contacting us for paid customization.