← Back to Skills Marketplace
719
Downloads
0
Stars
12
Active Installs
1
Versions
Install in OpenClaw
/install browser-agent
Description
通过 Chrome DevTools Protocol 直接控制浏览器,实现登录状态复用和多场景自动化操作,支持 Windows 和 OpenClaw 集成。
README (SKILL.md)
browser-agent 技能
描述
浏览器自动化 Agent 技能,基于 Chrome DevTools Protocol (CDP) 和 WebSocket 实现 AI 对浏览器的直接控制。支持 OpenClaw 浏览器工具的原生集成,让 AI 能够像人类一样操作浏览器。
核心能力
- CDP 直连 - 通过 WebSocket 连接 Chrome 远程调试端口,绕过安全提示弹窗
- 会话保持 - 复用已登录的浏览器会话(cookie、登录状态、后台权限)
- 多场景自动化 - 支持数据抓取、表单填写、内容发布、跨平台同步等
- Windows 兼容 - 解决 Windows 平台 Chrome CDP 连接超时问题
适用场景
- 跨平台数据同步 - Notion ↔ 飞书、GitHub star 整理、Analytics 数据查询
- 内容管理 - 批量删除/发布 Twitter 帖子、管理社交媒体
- 数据采集 - 抓取网页内容、监控价格变化、收集竞品信息
- 自动化测试 - UI 测试、流程验证、回归测试
使用方法
前置条件
方式 1: 使用 OpenClaw 内置浏览器(推荐)
OpenClaw 的 browser 工具已自动配置 CDP,无需额外设置:
browser(action="start") # 自动启动并配置
方式 2: 自行启动 Chrome
需要添加 --remote-allow-origins 标志允许 WebSocket 连接:
# Windows
chrome.exe --remote-debugging-port=9222 --remote-allow-origins=* --user-data-dir="C:\chrome-profile"
# macOS
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
--remote-debugging-port=9222 --remote-allow-origins=* \
--user-data-dir="/tmp/chrome-profile"
⚠️ 注意: Chrome 90+ 版本默认拒绝 WebSocket 连接,必须添加 --remote-allow-origins=* 或指定具体 origin。
脚本调用
# 检查浏览器连接
python skills/browser-agent/scripts/browser_agent.py --check
# 执行页面自动化任务
python skills/browser-agent/scripts/browser_agent.py --url "https://example.com" --action "screenshot"
# 执行自定义脚本
python skills/browser-agent/scripts/browser_agent.py --script "my_automation.py"
OpenClaw 浏览器工具集成
# OpenClaw 内置 browser 工具已支持 CDP
browser(action="start") # 启动浏览器
browser(action="navigate", url="https://x.com") # 导航
browser(action="snapshot", refs="aria") # 获取页面快照
browser(action="act", kind="click", ref="e123") # 点击元素
browser(action="act", kind="type", text="内容") # 输入文本
技术架构
┌─────────────────┐ WebSocket ┌─────────────────┐
│ AI Agent │ ◄────────────────► │ Chrome CDP │
│ (OpenClaw) │ CDP Protocol │ (Port 9222) │
└─────────────────┘ └─────────────────┘
│ │
│ ▼
│ ┌─────────────────┐
│ │ Browser UI │
│ │ (Visible/Headless)
▼ └─────────────────┘
┌─────────────────┐
│ Skill Scripts │
│ - browser_agent.py │
│ - cdp_connector.py │
│ - session_manager.py│
└─────────────────┘
注意事项
- 安全性:CDP 端口仅监听 localhost,不要暴露到公网
- 会话超时:长时间空闲后可能需要重新 allow 连接
- 资源占用:每个 CDP 会话约占用 50-100MB 内存
- 网站兼容性:部分网站(如银行、高安全站点)可能阻止自动化
故障排查
问题:连接超时
# 检查 Chrome 是否启动
netstat -ano | findstr 9222
# 重启 Chrome 远程调试
taskkill /F /IM chrome.exe
chrome.exe --remote-debugging-port=9222
问题:安全提示弹窗
- 使用 WebSocket 直连方案(见
scripts/cdp_connector.py) - 或在 Chrome 中手动点击"允许"
问题:会话丢失
- 使用
--user-data-dir固定配置文件目录 - 实现会话保持机制(见
scripts/session_manager.py)
参考资源
更新日志
- v1.0 (2026-03-18) - 初始版本
- CDP WebSocket 直连支持
- Windows 平台兼容
- 会话保持机制
- OpenClaw browser 工具集成
Usage Guidance
This skill appears to do what it claims (control Chrome via CDP) but it operates with sensitive privileges: it can read and act using your browser's logged‑in sessions and it suggests using --remote-allow-origins=* (which weakens WebSocket origin checks). Before installing or running:
- Only run it on a machine you trust and preferably in an isolated profile/VM/container. Use a dedicated Chrome user-data-dir (not your main profile) to avoid exposing personal cookies/tokens.
- Avoid enabling --remote-allow-origins=* on machines exposed to other networks; prefer binding CDP to localhost and firewalling the port. Follow the SKILL.md warning to not expose the CDP port to the internet.
- Review any custom automation scripts you pass via --script; they can execute arbitrary CDP/JS against pages and could exfiltrate data.
- Install Python deps in a virtualenv and inspect the two Python scripts (they are included) before running. The package.json vs Python packaging mismatch is harmless but indicates the author bundled files manually—verify origin and author trust.
- If you want stricter guarantees, run the skill in a disposable environment, or decline installing if you cannot isolate browser profile access.
If you want, I can extract and summarize the exact code paths that access page content, cookies, or network responses so you can audit them more precisely.
Capability Analysis
Type: OpenClaw Skill
Name: browser-agent
Version: 1.0.0
The skill provides a powerful browser automation interface using the Chrome DevTools Protocol (CDP), enabling actions such as arbitrary JavaScript execution (Runtime.evaluate), simulated user input (clicking/typing), and session persistence. While these capabilities are aligned with the stated purpose of a browser agent, they constitute high-risk behaviors that could be used to manipulate user sessions or exfiltrate data if misused. Furthermore, the script `browser_agent.py` lacks input sanitization for the screenshot output path, creating a potential path traversal vulnerability. The documentation in `SKILL.md` also explicitly describes methods to bypass Chrome's WebSocket security prompts, which, while technically necessary for CDP automation, increases the risk profile of the bundle.
Capability Assessment
Purpose & Capability
Name/description match the included Python scripts and docs: the package implements a CDP WebSocket client, session keep‑alive, and actions (navigate, click, type, screenshot). No unrelated credentials, binaries, or exotic installs are requested.
Instruction Scope
SKILL.md and scripts instruct connecting to a local Chrome CDP endpoint, reusing user profiles (--user-data-dir) and bypassing Chrome's WebSocket origin checks (--remote-allow-origins=*). These instructions are coherent with the stated goal (session reuse, automation) but intentionally weaken browser-origin protections and enable the skill to access cookies, logged‑in sessions, and any page DOM/Network data.
Install Mechanism
No automated install spec; scripts are included and dependencies are listed in scripts/requirements.txt (websocket-client, requests). There are no downloads from third‑party URLs or archive extraction steps. Minor oddity: an npm package.json lists Python deps, but this is a packaging inconsistency rather than a direct install risk.
Credentials
The skill requests no environment variables, which is proportional. However, its intended operation requires access to the user's browser profile and a running Chrome with remote debugging enabled—this grants access to sensitive session state (cookies, auth tokens). That access is necessary for the skill's features but is high‑privilege and sensitive.
Persistence & Privilege
always is false and the skill does not request system-wide persistence. It does implement session keep‑alive threads while running. Be aware that autonomous invocation (the default) would allow the agent to open and control the local browser session without additional prompts if invoked.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install browser-agent - After installation, invoke the skill by name or use
/browser-agent - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
browser-agent 1.0.0
- 初始发布,基于 Chrome DevTools Protocol (CDP) 和 WebSocket 实现浏览器自动化
- 支持复用已登录浏览器会话(cookie、登录状态)
- 兼容 Windows 平台 Chrome CDP 连接超时问题
- 内置多场景自动化能力,如数据抓取、内容发布、自动化测试
- 完全集成 OpenClaw 浏览器工具,无需额外配置
Metadata
Frequently Asked Questions
What is Browser Agent - Chrome CDP 自动化?
通过 Chrome DevTools Protocol 直接控制浏览器,实现登录状态复用和多场景自动化操作,支持 Windows 和 OpenClaw 集成。 It is an AI Agent Skill for Claude Code / OpenClaw, with 719 downloads so far.
How do I install Browser Agent - Chrome CDP 自动化?
Run "/install browser-agent" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Browser Agent - Chrome CDP 自动化 free?
Yes, Browser Agent - Chrome CDP 自动化 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Browser Agent - Chrome CDP 自动化 support?
Browser Agent - Chrome CDP 自动化 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Browser Agent - Chrome CDP 自动化?
It is built and maintained by kaka4413 (@kaka4413); the current version is v1.0.0.
More Skills