← Back to Skills Marketplace
69
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install mtop-devtools-socket
Description
通过本地 socket 调用 Mtop DevTools 浏览器插件能力(获取请求/日志/埋点、设置 mock、获取 API schema、代理 HTTP 请求、浏览器操作与页面感知)
Usage Guidance
This skill appears to do what it says: control a browser DevTools extension via a local native host. Before installing or using it, be aware that it deliberately accesses sensitive browser state and local files: it can read cookies (used for signing/auth), capture page contents and screenshots, run arbitrary JS in pages, proxy requests with browser cookies, add redirect/modify rules, and upload local files. Only install the npm packages if you trust their publisher; registering a native messaging host may require sudo and writes system config. Avoid using this on accounts or pages containing sensitive data unless you trust the extension and CLI source; review the @mtop-devtools packages on npm/GitHub and the browser extension source if possible. If you will grant agent autonomy, consider restricting its scope because these capabilities could be misused to exfiltrate data or redirect traffic.
Capability Analysis
Type: OpenClaw Skill
Name: mtop-devtools-socket
Version: 1.0.0
The skill provides high-risk browser automation capabilities, including arbitrary JavaScript execution (page_eval), access to browser cookies for authenticated requests (proxy_request, send_mtop_request), and local file uploads (page_upload). While these features are aligned with the stated purpose of a developer tool for debugging 'Mtop' APIs (associated with alibaba-inc.com), they grant an AI agent significant control over the user's browser session and local files. The requirement to install external global npm packages (@mtop-devtools/native-host) and a specific browser extension further increases the potential attack surface.
Capability Assessment
Purpose & Capability
Name/description state a local-socket interface to the Mtop DevTools extension; the SKILL.md and README describe Native Messaging, a CLI, and browser control features (requests, logs, mocks, proxy, page ops) that align with that purpose.
Instruction Scope
SKILL.md instructs installation of a native host and CLI and gives commands that will: execute arbitrary JS in page context (page_eval), read page DOM/accessible snapshot, capture screenshots, read and use browser cookies for signing/proxying, upload local files, and add declarativeNetRequest rules (redirect/modify/block). These are expected for a DevTools control tool but are powerful and enable data access/exfiltration if misused.
Install Mechanism
This is an instruction-only skill (no install spec). It tells users to run npm -g install of @mtop-devtools/native-host and @mtop-devtools/client. That is a reasonable install approach for a native messaging host but implies installing third-party global packages and registering a native host manifest (may require elevated privileges and writing system dirs). The skill does not auto-download or execute code itself.
Credentials
The skill requires no environment variables or external credentials in metadata. However runtime behavior explicitly depends on sensitive browser state: it reads cookies (_m_h5_tk, m_tk, _tb_token_) to sign/send mtop requests, automatically attaches browser cookies to proxied requests, and can be directed to read local file paths for uploads or payload files. These sensitive accesses are coherent with the skill's purpose but should be treated as high-privilege operations.
Persistence & Privilege
The skill is not always:true and does not request permanent platform-level presence. It recommends installing a native host and CLI which will register a native messaging host and a global command via npm -g; that is appropriate for the stated functionality and is performed by the user during setup.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mtop-devtools-socket - After installation, invoke the skill by name or use
/mtop-devtools-socket - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of mtop-devtools-socket skill.
- Enables local socket integration with Mtop DevTools browser extension: fetch requests/logs/events, set mocks, manage API schemas, proxy HTTP requests, and perform browser interactions.
- Provides detailed usage guidance, supported commands, and example operations for API debugging, mocking, request rules, page actions, and browser context awareness.
- Includes references for usage examples, API parameters, and troubleshooting.
Metadata
Frequently Asked Questions
What is mtop-devtools-socket?
通过本地 socket 调用 Mtop DevTools 浏览器插件能力(获取请求/日志/埋点、设置 mock、获取 API schema、代理 HTTP 请求、浏览器操作与页面感知). It is an AI Agent Skill for Claude Code / OpenClaw, with 69 downloads so far.
How do I install mtop-devtools-socket?
Run "/install mtop-devtools-socket" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is mtop-devtools-socket free?
Yes, mtop-devtools-socket is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does mtop-devtools-socket support?
mtop-devtools-socket is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created mtop-devtools-socket?
It is built and maintained by 徒言 (@f-loat); the current version is v1.0.0.
More Skills