📦 Browser Secure — Secure Browser Automation

v2.0.0

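A browser automation tool with Chrome user profile support, secret vaulting, approval gates and end-to-end audit logging, built for sites that require a logged-in session, sensitive operations and compliance scenarios.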

Last updated: 2026/4/22
Security scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Assessment and recommendations
This package contains real code that will create ~/.browser-secure, save captures/screenshots/audit logs, and may install Playwright and other CLIs; however the registry metadata did not declare these requirements or environment variables. Before installing: 1) Treat this as a local CLI that will run Node/npm and may run brew/npx installers — consider running it in a VM or throwaway environment first. 2) Inspect setup.json and package.json and the config/default.yaml to confirm default behaviors...
Detailed analysis
Purpose and capabilities
The SKILL.md advertises a CLI for secure browser automation, which is consistent with the included source. However the registry metadata said "No required env vars / binaries / install spec" and "No install spec — instruction-only skill", while the included setup.json and many JS/TS files clearly require Node.js/npm, Chrome, Playwright browser binaries and optional Bitwarden/1Password CLIs. That mismatch (declared zero requirements vs. many real prerequisites) is incoherent and surprising for users.
Instruction scope
The SKILL.md instructs the agent to run a CLI that will: access Chrome profiles (and may quit running Chrome), interact with vault CLIs (Bitwarden/1Password), auto-discover and save credential mappings to ~/.browser-secure/config.yaml, capture page screenshots and full text and write them to disk, and run interactive approval flows. The runtime instructions and code will read/write files under the user's home, access environment variables (e.g., BROWSER_SECURE_* and BROWSER_SECURE_CACHE_KEY), and can be configured to POST audit payloads to a webhook. Some of these environment/config accesses are not declared in the skill metadata — scope creep and potential for unintended data collection/transmission.
Install mechanism
There is no install spec in the registry, yet setup.json describes an interactive npm-based setup (npm run setup, npm link/global install) and auto-install of Playwright binaries (npx playwright install chromium) and optionally using brew to install vault CLIs. That implies the skill will cause network downloads and run installers when setup is followed. The source files are included (no remote URL fetch for the skill itself), but the setup actions will invoke external package installs and may run OS package managers — a moderate-to-high install-time risk and another inconsistency versus the metadata claiming instruction-only.
Credential requirements
The code expects environment variables that are not declared: BROWSER_SECURE_CACHE_KEY (required for credential caching), optional BROWSER_SECURE_<SITE>_USERNAME/PASSWORD/TOKEN (for 'env' credential source), and common vault session variables (e.g., Bitwarden BW_SESSION mentioned in README/setup instructions). The skill can be configured to send audit logs to an arbitrary webhook URL (and include headers), so sensitive data stored in audit logs or captures could be exfiltrated if webhook is set. These credential and webhook capabilities are proportionally broad relative to the skill's declared registry metadata which listed no required envs.
Persistence and privileges
The skill creates persistent data under ~/.browser-secure (config.yaml, audit.log, cache, scrapbook captures and screenshots), may install a global CLI via npm link per setup, and may quit/relaunch Chrome when reusing real profiles. It does not declare always:true and does not appear to modify other skills. Still, it requests persistent disk presence and the ability to run installers and control Chrome — privileges users should explicitly consent to.
dist/browser/chrome-lifecycle.js:92
Shell command execution detected (child_process).
dist/browser/daemon.js:150
Shell command execution detected (child_process).
dist/browser/secure-session.js:40
Shell command execution detected (child_process).
dist/cli.js:317
Shell command execution detected (child_process).
dist/vault/discovery.js:35
Shell command execution detected (child_process).
dist/vault/index.js:12
Shell command execution detected (child_process).
scripts/onboarding.js:40
Shell command execution detected (child_process).
src/browser/chrome-lifecycle.ts:98
Shell command execution detected (child_process).
src/browser/daemon.ts:193
Shell command execution detected (child_process).
src/browser/secure-session.ts:66
Shell command execution detected (child_process).
src/cli.ts:372
Shell command execution detected (child_process).
src/vault/discovery.ts:71
Shell command execution detected (child_process).
src/vault/index.ts:30
Shell command execution detected (child_process).
dist/browser/secure-session.js:632
Dynamic code execution detected.
src/browser/secure-session.ts:747
Dynamic code execution detected.
dist/browser/daemon.js:24
File read combined with network send (possible exfiltration).
dist/security/audit.js:111
File read combined with network send (possible exfiltration).
src/browser/daemon.ts:42
File read combined with network send (possible exfiltration).
src/security/audit.ts:165
File read combined with network send (possible exfiltration).
Security is layered; review the code before running it.

Runtime dependencies

No special dependencies

Versions

latest v2.0.0 2026/2/11

Suspicious

Install command

Official: npx clawhub@latest install browser-secure
Mirror (accelerated): npx clawhub@latest install browser-secure --registry https://cn.longxiaskill.com
Data source: ClawHub · Chinese localization: 龙虾技能库