by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill appears coherent for browser-level debugging. Before installing: (1) Ensure the 'agent-browser' binary you have is from a trusted source — the scripts will run it and use it to eval JS into pages. (2) Only use the skill on sites you are authorized to inspect — the collector injects code (including eval) into pages and can capture request/response data. (3) Review the collector for any additional header/body fields you consider sensitive — the redaction list is conservative but not gua...详细分析 ▾
✓ 用途与能力
Name/description match the actual behavior: scripts inject a browser collector that instruments fetch/XHR/WebSocket, redact common sensitive fields, export JSON, and summarize into Markdown. The only external runtime required is a local 'agent-browser' CLI, which is referenced consistently in SKILL.md and scripts.
ℹ 指令范围
Runtime instructions require injecting the provided collector into the target page via agent-browser eval and then exporting logs. This matches the stated purpose, but the collector uses eval chunking to load itself into pages and the Node helpers execute local binaries (agent-browser) and write files under the user's workspace. Redaction is implemented but may not catch every sensitive pattern, so use only on pages you are authorized to inspect.
✓ 安装机制
No install spec — instruction-only with bundled JS helpers. Nothing is downloaded from the network and no archive extraction occurs. The scripts expect an existing agent-browser binary but do not attempt to fetch or install it.
✓ 凭证需求
The skill requires no environment variables or credentials. It reads typical local paths (HOME/USERPROFILE/APPDATA) to locate agent-browser and writes report files into the user's .openclaw workspace — behavior consistent with the stated purpose.
✓ 持久化与权限
always:false and user-invocable. The skill only writes reports and temporary files under the workspace and does not modify other skills or system-wide settings. It does execute a local binary (agent-browser) as part of normal operation.
⚠ scripts/capture-and-report.js:56
Shell command execution detected (child_process).
⚠ scripts/capture-session.js:50
Shell command execution detected (child_process).
⚠ scripts/clear-session.js:21
Shell command execution detected (child_process).
⚠ scripts/capture-session.js:79
Dynamic code execution detected.
⚠ scripts/summarize-network.js:14
File read combined with network send (possible exfiltration).
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.12026/3/30
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install browser-network-inspector
镜像加速npx clawhub@latest install browser-network-inspector --registry https://cn.longxiaskill.com