← Back to Skills Marketplace
162
Downloads
1
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install openweb
Description
Typed JSON access to 90+ real websites — Google, Amazon, Reddit, YouTube, GitHub, Instagram, Bloomberg, Zillow, and more — across search, shopping, travel, f...
Usage Guidance
This skill is coherent with its stated purpose (a CLI that drives a browser to read and interact with many websites), but it operates at a high privilege level: it expects to control a managed Chrome session, read cookies/localStorage/window globals, and can perform write actions on sites as your logged-in user.
Before installing or enabling:
- Inspect the npm package and upstream repository (https://github.com/openweb-org/openweb and https://getopenweb.com). Confirm the publisher and review recent code or package contents if possible.
- Review $OPENWEB_HOME/config.json after installation before running: check for any surprising settings or embedded secrets, and keep this directory isolated (use a directory dedicated to openweb).
- Consider running the CLI in a disposable environment or with an isolated browser profile (not your primary browser or profile) so captures and token reads don't touch your main sessions.
- Treat write operations with caution: the docs say writes should prompt; keep an eye out for prompts and audit any agent actions that perform mutations. Avoid giving the agent blanket consent to run writes autonomously.
- If you cannot audit the npm package source, avoid installing it on sensitive systems or provide it only to low-privilege test environments.
If you want, I can: (1) list concrete checks to run on the npm package before install, (2) suggest a safe runtime setup (isolated Chrome profile, limited OPENWEB_HOME), or (3) help craft a minimal config.json template that avoids storing secrets.
Capability Analysis
Type: OpenClaw Skill
Name: openweb
Version: 0.1.5
The `openweb` skill bundle is a comprehensive web automation framework designed to allow AI agents to interact with over 90 websites using a user's local authenticated browser session. It provides a structured environment for site discovery, traffic capture, and API curation, utilizing a clear permission model (`read`, `write`, `delete`, `transact`) to manage risks associated with state-changing actions. While the skill possesses broad capabilities to access sensitive data (such as DMs or profile information), these are strictly aligned with its stated purpose of bridging CLI and web interfaces, and the documentation includes explicit privacy assurances (no telemetry/exfiltration) and safety guidelines for developers (e.g., in `references/cli.md` and `add-site/guide.md`).
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (typed JSON access to many websites) aligns with what the skill requests: a local 'openweb' CLI, an OPENWEB_HOME config, and per-site packages. The Node install spec (@openweb-org/openweb) and the CLI binary requirement are proportionate to the stated purpose.
Instruction Scope
SKILL.md instructs the agent to control a managed browser (CDP), read browser state (cookies, localStorage, window globals), inject tokens into page.evaluate(fetch(...)), capture HARs, and run read/write operations. These behaviors are expected for a site automation/adapter tool, but they are sensitive: the instructions explicitly describe extracting auth tokens and performing write actions (likes, follows, posts). The doc does include safety guidance (permission tiers, prompting for writes), but the agent will have access to browser sessions and can perform actions as the logged-in user if allowed.
Install Mechanism
Install is via npm package @openweb-org/openweb which produces the 'openweb' binary — a plausible and expected mechanism. NPM installs are a moderate risk compared to instruction-only skills because arbitrary code will be installed; verify the package source (repository, maintainer) before installing.
Credentials
Requires OPENWEB_HOME and a config file $OPENWEB_HOME/config.json, which is reasonable for a tool that needs site configs and permission settings. However, the config and the runtime browser access are sensitive: config.json may contain permission flags/overrides and the runtime will access cookies/localStorage and possibly secrets in your browser profile. No unrelated cloud credentials are requested, which is good.
Persistence & Privilege
The skill is not 'always:true' and is user-invocable; autonomous invocation is allowed by platform default but not flagged here. The skill's runtime behavior does not request to modify other skills or system-wide agent settings. Normal install behavior (writing binaries) is declared in the npm install spec.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openweb - After installation, invoke the skill by name or use
/openweb - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.6
v0.1.6 — security/transparency hardening: removed SessionStart auto-install hook; added Trust & Side Effects section to README; symmetric --uninstall now removes the global CLI; cleaned up plugin metadata.
v0.1.5
Add scope note to bot-detection.md clarifying legitimate site interoperability for the logged-in user (not access-control circumvention). Equivalent technical content appears in playwright, puppeteer-extra-plugin-stealth, patchright, yt-dlp.
v0.1.4
openweb 0.1.4
- Updated description to highlight typed JSON access to 90+ major websites, including new categories and operations (search, post, DMs, etc.).
- Added license, compatibility, and metadata fields, including install instructions and project links.
- Noted CLI requirements and key environment/config variables for runtime.
- No code or file structure changes detected; documentation improvements only.
v0.1.3
**Agent-native way to access any website.**
**Bridging agent CLI and web GUI through API.**
Browser automation clicks buttons, reads pixels, and burns tokens. OpenWeb calls the same APIs the website calls.
- **Fast, cheap, and token-efficient** — No screenshots, no vision API, no LLM-powered parsing. JSON in, JSON out.
- **Minimal effort per operation** — Direct HTTP when it works, browser-backed fetch when the site requires it, and code adapters for maximal flexibility. The right transport per site, automatically — the caller never chooses or cares.
- **Predictable, typed API** — Typed params, response schemas, and examples for every operation.
- **Auth that just works** — Cookies, JWT, CSRF, request signing, exchange chains — auto-resolved per request. You never touch tokens.
- **Safe by default** — Read, write, delete, and transact operations gated by permission tiers. SSRF protection on every request.
- **Any site, any time** — 90+ sites out of the box across social, commerce, content, travel, finance, and more. Not listed? [Add it](#discover).
Metadata
Frequently Asked Questions
What is OpenWeb?
Typed JSON access to 90+ real websites — Google, Amazon, Reddit, YouTube, GitHub, Instagram, Bloomberg, Zillow, and more — across search, shopping, travel, f... It is an AI Agent Skill for Claude Code / OpenClaw, with 162 downloads so far.
How do I install OpenWeb?
Run "/install openweb" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OpenWeb free?
Yes, OpenWeb is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OpenWeb support?
OpenWeb is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OpenWeb?
It is built and maintained by imoonkey (@imoonkey); the current version is v0.1.5.
More Skills