← Back to Skills Marketplace
Tap
by
LeonTing1010
· GitHub ↗
· v0.1.2
· MIT-0
114
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install tap
Description
AI browser automation protocol — run pre-built skills for 41 sites, or forge new ones. MCP native, deterministic, zero AI at runtime.
Usage Guidance
This tool is coherent for browser automation but comes with real privileges: the Chrome extension's debugger permission lets Tap read and control active tabs (including logged-in accounts), and 'tap install' can bring in and run community JavaScript stored under ~/.tap. Before installing: (1) inspect the GitHub repo, the Homebrew formula, and the extension manifest and source to confirm the debugger usage and no hidden permissions; (2) review community taps before running them; (3) if possible run Tap in an isolated browser/profile without sensitive logins or sync enabled; (4) prefer building from source after auditing code or verifying the release build provenance in CI; (5) avoid enabling autonomous invocation unless you accept that an agent could drive your browser using your active sessions. Proceed only if you are comfortable with those risks or can sandbox the browser environment.
Capability Analysis
Type: OpenClaw Skill
Name: tap
Version: 0.1.2
The 'tap' skill bundle provides extensive browser automation capabilities, including direct page manipulation (typing, clicking) and network requests via a Chrome extension requiring high-privilege 'debugger' permissions. A significant risk is identified in SKILL.md, which describes a 'tap install' command that fetches and executes external JavaScript 'skills' from a remote GitHub repository (LeonTing1010/tap-skills), creating a supply chain/RCE vector. While these capabilities are aligned with the stated purpose of deterministic automation, the combination of broad browser control and remote script execution is inherently high-risk.
Capability Assessment
Purpose & Capability
The name/description, required binary 'tap', and brew install all match a browser-automation tool. No unrelated environment variables or config paths are requested. One note: the skill claims it can publish/post to many sites but does not declare any API credentials — this implies it will act using your active browser sessions (via the extension), which is coherent but important to understand.
Instruction Scope
Runtime instructions direct installing a Chrome extension with the 'debugger' permission and using page APIs (click/type/screenshot/fetch). Those capabilities let Tap read and act on the active tab (including logged-in sessions) and could exfiltrate data. The workflow also encourages running community scripts via 'tap install' and forging new taps (inspect/verify/save), which involves executing or persisting JavaScript from external sources into ~/.tap — a real execution/exfiltration vector. The SKILL.md claims the extension only activates when invoked and doesn't request cookies/<all_urls>, but the debugger API can still access page content and CDP-level data; that should be verified in the actual extension manifest and source.
Install Mechanism
Install uses a Homebrew formula from a GitHub tap and points to GitHub Releases — both standard distribution paths (moderate risk). The build-from-source path uses 'deno compile' with broad flags (--allow-read/write/net/env/run) which, if performed blindly, grants the build step wide host access; review source and CI if you intend to build locally. No arbitrary HTTP download from obscure hosts is instructed.
Credentials
No environment variables or external credentials are requested, which is consistent if Tap operates via the browser session. That means actions like posting will use whatever accounts are logged into your browser — a permission model shift versus API-key-based tools. The absence of declared credentials is coherent but increases risk because browser sessions contain sensitive auth state.
Persistence & Privilege
always:false (good), but the skill is meant to be registered as an MCP server entry so the agent can invoke it autonomously. Combined with the extension's debugger privilege and the ability to install/execute community taps, this gives an autonomous agent a large blast radius (it could drive your browser and act as your logged-in user). The skill does persist user-forged taps under ~/.tap, which is expected, but any community taps should be reviewed before execution.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tap - After installation, invoke the skill by name or use
/tap - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
v0.1.2: Add Security & Trust section. Replace --allow-all with explicit permissions.
v0.1.1
v0.1.1: Clean up SKILL.md — remove shell pipe install, simplify tool descriptions.
v1.0.0
Initial release — AI browser automation protocol. 81 pre-built skills across 41 sites, 38 MCP tools, forge once run forever.
Metadata
Frequently Asked Questions
What is Tap?
AI browser automation protocol — run pre-built skills for 41 sites, or forge new ones. MCP native, deterministic, zero AI at runtime. It is an AI Agent Skill for Claude Code / OpenClaw, with 114 downloads so far.
How do I install Tap?
Run "/install tap" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tap free?
Yes, Tap is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Tap support?
Tap is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tap?
It is built and maintained by LeonTing1010 (@leonting1010); the current version is v0.1.2.
More Skills