🌐 Chrome CDP for OpenClaw — 浏览器自动化
v1.0.0基于 Chrome DevTools Protocol 的命令行工具,让 AI 代理通过脚本启动并操控 Chrome 实例,实现无头浏览器任务、页面抓取与自动化交互,无缝集成 XRDP 会话环境。
0· 65·0 当前·0 累计
by 安全扫描
OpenClaw
可疑
high confidenceNULL
评估建议
This skill appears to do what it says (control a real Chrome via the DevTools protocol), but it asks you to run a remote installer as root and to expose Chrome's remote debugging port, which gives any local process full access to your browser sessions (cookies, localStorage, ability to execute JS). Before installing or running anything: 1) Review the entire install script (https://raw.githubusercontent.com/joustonhuang/chrome_for_openclaw/main/chrome_for_openclaw.sh) line-by-line — do not run cu...详细分析 ▾
ℹ 用途与能力
The name/description match the instructions: the skill uses agent-browser to connect to a real Chrome instance via CDP to reuse existing login sessions. However the registry metadata lists no required binaries/envs while SKILL.md and its internal metadata explicitly require the agent-browser command and mention many runtime environment variables (AGENT_BROWSER_CDP_URL, AGENT_BROWSER_PROFILE, AGENT_BROWSER_ENCRYPTION_KEY, HTTP(S)_PROXY, etc.). That inconsistency is a minor coherence issue but not necessarily malicious.
⚠ 指令范围
The runtime instructions tell the agent (or user) to fetch and execute a remote script (bash <(curl -fsSL https://raw.githubusercontent.com/.../chrome_for_openclaw.sh)), to run it with sudo (--install), to kill existing Chrome processes, and to start Chrome with --remote-debugging-port exposing full browser control on localhost. Those steps are directly related to the skill's purpose but they also grant the skill (and any local process that can reach localhost:9222) access to all cookies, storage, and the ability to execute JS in pages — a high-privilege action. The docs also suggest saving/restoring session state in plaintext files (auth.json) and encourage using env vars for credentials, which is sensitive and must be carefully handled.
⚠ 安装机制
There is no formal install spec in the registry; instead SKILL.md instructs executing a remote install script via curl|bash from raw.githubusercontent.com and installing agent-browser globally via npm -g. Running an arbitrary script fetched from a GitHub raw URL as root is a meaningful risk (it modifies system XRDP/XFCE configuration and Chrome behavior). While GitHub raw content is a common host, executing it directly with sudo is high-risk and should be reviewed manually before running.
ℹ 凭证需求
The skill declares no required environment variables in the registry but the instructions reference and recommend many env vars (DEBUG_PORT, START_URL, AGENT_BROWSER_CDP_URL, AGENT_BROWSER_PROFILE, AGENT_BROWSER_ENCRYPTION_KEY, HTTP_PROXY/HTTPS_PROXY/NO_PROXY, etc.). These are relevant to the declared functionality (connecting to CDP, profiles, proxies), but they are sensitive (especially AGENT_BROWSER_ENCRYPTION_KEY and proxy credentials). The guidance to save state files (which contain session tokens in plaintext) increases the risk if handled carelessly.
⚠ 持久化与权限
The skill does not request 'always: true', but the one-time install step requires sudo and modifies system components (installs Chrome if missing, configures XRDP + XFCE, and changes how Chrome is launched). It also suggests global npm -g install. These actions create persistent system changes and elevated privilege usage which are more intrusive than a lightweight instruction-only skill and should be performed only after manual review or within an isolated VM.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/4/13
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install chrome-for-openclaw
镜像加速npx clawhub@latest install chrome-for-openclaw --registry https://cn.longxiaskill.com