← Back to Skills Marketplace
davisdiehl

Riddle

by davisdiehl · GitHub ↗ · v1.1.0
cross-platform ⚠ suspicious
1486
Downloads
1
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install riddle
Description
Hosted browser automation API for agents. Screenshots, Playwright scripts, workflows — no local Chrome needed.
Usage Guidance
Before installing: 1) Note the inconsistency: registry metadata lists no required credentials but the instructions require you to set a RIDDLE_API_KEY in OpenClaw config — confirm where the key is stored and how it is used. 2) Do not add the plugin to plugins.allow or edit ~/.openclaw/openclaw.json until you have inspected the plugin package (npm @riddledc/openclaw-riddledc) or its GitHub repo and verified checksums/CODE. 3) Understand privacy risks: sending cookies/localStorage/headers to a third-party browser service will expose session tokens and possibly PII — only do this with throwaway or explicitly consented credentials. 4) Verify the network allowlist and claims (api.riddledc.com only, no access to conversation history) by reviewing the plugin source and runtime policies; prose claims in SKILL.md are not proof. 5) If data sensitivity is high, prefer running Playwright locally or on an environment you control, or use ephemeral credentials and minimal scopes. 6) If you proceed, test with minimal, non-sensitive examples first and confirm the package's provenance (npm publisher, GitHub repo, CHECKSUMS.txt/SECURITY.md) and contact [email protected] with any questions.
Capability Analysis
Type: OpenClaw Skill Name: riddle Version: 1.1.0 The skill bundle is classified as benign. The `SKILL.md` provides clear instructions for installing and configuring a browser automation plugin, including setting an API key and modifying the OpenClaw configuration file (`~/.openclaw/openclaw.json`) using `jq` to add the plugin to an allow list. While direct file modification and external plugin installation (`@riddledc/openclaw-riddledc`) are present, they are explicitly explained as necessary for the plugin's functionality. Crucially, the `SKILL.md` includes a 'Trust & Security' section that declares strict boundaries for the plugin, such as network access limited to `api.riddledc.com`, filesystem writes restricted to `~/.openclaw/workspace/riddle/`, and zero access to agent context or other secrets. There is no evidence of prompt injection attempts, data exfiltration instructions, or other malicious intent within the provided files.
Capability Assessment
Purpose & Capability
The skill name/description (hosted browser API) matches the actions described (screenshots, Playwright scripts, workflows). However, the registry metadata lists no required environment variables or primary credential, while SKILL.md explicitly instructs you to obtain and configure a RIDDLE_API_KEY in OpenClaw config — this is an internal inconsistency. The install step (openclaw plugins install @riddledc/openclaw-riddledc) is consistent with a node plugin for this purpose.
Instruction Scope
SKILL.md tells the user/agent to install a plugin, add it to plugins.allow (editing ~/.openclaw/openclaw.json), restart the gateway, and configure an API key. It also documents passing cookies, localStorage, or custom headers to Riddle to access authenticated pages — a legitimate feature but one that enables sending session tokens and other sensitive data to an external service. The document claims the plugin cannot read conversation history or send the API key elsewhere, but those are claims in prose and cannot be verified from this instruction-only skill.
Install Mechanism
The SKILL.md points to installing a node plugin (@riddledc/openclaw-riddledc) via the OpenClaw CLI (npm-backed). Pulling a plugin from npm/GitHub is a common install path, but the registry metadata lists Source: unknown and no package/code is included in the skill bundle to audit. That makes the install a moderate risk until you verify the actual package contents, provenance, and checksums referenced in the README.
Credentials
The metadata declares no required env vars or primary credential, yet the instructions require a RIDDLE_API_KEY to be stored in OpenClaw config. SKILL.md also explains how to forward cookies/localStorage and custom headers to Riddle; these are legitimate for accessing private pages but are high-risk operations because they can expose session tokens, SSO cookies, or other secrets to the third-party service. The declared policy that only RIDDLE_API_KEY is needed (and only sent to api.riddledc.com) is a claim but not enforced by anything in this package.
Persistence & Privilege
The skill does not request always: true and is user-invocable (normal). However, installation requires adding the plugin to the global plugins.allow list and restarting the gateway (editing ~/.openclaw/openclaw.json), which modifies global agent configuration and makes the plugin available to future agent runs. That configuration change is expected for plugins but increases the blast radius if the plugin behaves maliciously; treat it as a permission grant that should be reviewed first.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install riddle
  3. After installation, invoke the skill by name or use /riddle
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Add quick start, pricing, and reference links
v1.0.0
Initial release — hosted browser automation API for AI agents. Screenshots, Playwright scripts, multi-step workflows. No local Chrome needed.
Metadata
Slug riddle
Version 1.1.0
License
All-time Installs 1
Active Installs 1
Total Versions 2
Frequently Asked Questions

What is Riddle?

Hosted browser automation API for agents. Screenshots, Playwright scripts, workflows — no local Chrome needed. It is an AI Agent Skill for Claude Code / OpenClaw, with 1486 downloads so far.

How do I install Riddle?

Run "/install riddle" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Riddle free?

Yes, Riddle is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Riddle support?

Riddle is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Riddle?

It is built and maintained by davisdiehl (@davisdiehl); the current version is v1.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments