← Back to Skills Marketplace
browser-toggle
by
yoo-unison
· GitHub ↗
· v1.0.1
438
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install browser-toggle
Description
Enable or disable the OpenClaw built-in browser with one command, featuring auto backup, recovery, and cross-platform support.
README (SKILL.md)
OpenClaw Browser Toggle Skill
一键启用/禁用 OpenClaw 内置浏览器,无需手动修改配置文件
Name: browser-toggle
Version: 1.0.0
Author: AI Assistant
License: MIT
Description: 一键启用/禁用 OpenClaw 内置浏览器
Installation
bash setup.sh
Usage
openclaw-browser --enable
openclaw-browser --disable
openclaw-browser --status
Features
- ✅ 一键启用/禁用内置浏览器
- ✅ 自动备份配置文件
- ✅ 失败自动恢复
- ✅ 支持可视化/无头模式
- ✅ 跨平台支持
Requirements
- Python 3.8+
- OpenClaw 2026.2.26+
- Chrome/Chromium
Links
Usage Guidance
This skill appears to do what it says: it modifies ~/.openclaw/openclaw.json to enable/disable the built-in browser and keeps backups. Before installing: (1) verify the skill source — files reference GitHub but the registry source/homepage are 'unknown' — prefer an authoritative repository; (2) inspect browser_toggle.py (it is short and readable) and the backup directory to confirm no unexpected behavior; (3) do not allow creation of a global symlink (/usr/local/bin) unless you trust the package (the installer only attempts this if it has permission); (4) if you are unsure, run the code in an isolated environment/VM or manually copy the single script into your OpenClaw skills folder and run it without running setup.sh. The skill does modify your OpenClaw configuration and requires restarting OpenClaw to take effect — back up important data before proceeding.
Capability Analysis
Type: OpenClaw Skill
Name: browser-toggle
Version: 1.0.1
The skill is classified as suspicious due to a local file overwrite vulnerability found in `browser_toggle.py`. The `restore_from_backup` function and its corresponding `--restore` CLI argument allow an arbitrary file path to be specified as the source for restoration. This means an attacker could potentially overwrite the `~/.openclaw/openclaw.json` configuration file with the content of any file on the system that the script's user has read access to, leading to denial of service or information disclosure if the overwritten content is later displayed. While the skill's stated purpose is benign, this lack of input sanitization presents a significant vulnerability, even though there is no evidence of intentional malicious behavior like data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name/description match behavior: code and scripts only read/write OpenClaw config (~/.openclaw/openclaw.json), manage backups (~/.openclaw/workspace/backups), and provide enable/disable/status/headless controls. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md and install scripts instruct running setup/install which copy files into the user's OpenClaw workspace and invoke browser_toggle.py to modify openclaw.json. This is appropriate for the purpose, but note the skill writes to the user's OpenClaw config and creates backups — review those files before installing if you don't trust the source.
Install Mechanism
No remote downloads or archive extraction occur in the provided install scripts; setup.sh and install.sh copy local files into the ~/.openclaw workspace and optionally create a symlink. Build script creates local tarball; README references GitHub releases but install scripts do not fetch external content.
Credentials
No environment variables, credentials, or external tokens are required. The code accesses only the OpenClaw config and user home paths, which are necessary for the skill's stated function.
Persistence & Privilege
The skill installs into the user's OpenClaw workspace and may create a global symlink (/usr/local/bin/openclaw-browser) if permissions allow. It does not set always:true or request persistent elevated privileges, but creating a global command requires writable /usr/local/bin (sudo) — avoid granting that unless you trust the package.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install browser-toggle - After installation, invoke the skill by name or use
/browser-toggle - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
移除内部开发文档
v1.0.0
Initial release of the browser-toggle skill:
- One-click enable/disable for OpenClaw's built-in browser, no config file editing needed
- Supports Linux, Windows, and Mac
- Automatic configuration file backup and validation
- Automatic recovery on failure
- Switch between visual and headless modes
- Includes status check commands
Metadata
Frequently Asked Questions
What is browser-toggle?
Enable or disable the OpenClaw built-in browser with one command, featuring auto backup, recovery, and cross-platform support. It is an AI Agent Skill for Claude Code / OpenClaw, with 438 downloads so far.
How do I install browser-toggle?
Run "/install browser-toggle" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is browser-toggle free?
Yes, browser-toggle is completely free (open-source). You can download, install and use it at no cost.
Which platforms does browser-toggle support?
browser-toggle is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created browser-toggle?
It is built and maintained by yoo-unison (@yoo-unison); the current version is v1.0.1.
More Skills