← Back to Skills Marketplace

Business Opportunity Screenshot

Name: Business Opportunity Screenshot
Author: jakliao

by xingxiuye · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

236

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install business-opportunity-screenshot

Description

Generate a business opportunity Skills report with ClawHub data, open it in Chromium, and capture a full-page screenshot saved to the output directory.

README (SKILL.md)

Business Opportunity Skills Report & Screenshot

生成商机发现 Skills 推荐报告，并用 Chromium 打开页面进行全页滚动截屏保存。

功能特点

智能搜索: 调用 ClawHub API 搜索商机相关 Skills
Fallback 机制: 当 API 限流或失败时，自动使用预设的 15 个热门商机 Skills 数据
详细报告: 生成美观的 HTML 报告，包含分类展示
自动截屏: 启动 Chromium 浏览器并自动截取全页图片

预设数据（API 失败时使用）

当 ClawHub API 超速限流时，会自动使用以下预设 Skills：

🔍 商机发现

opportunity-discovery
business-opportunity-detector
opportunity-assessment

📊 市场分析

market-environment-analysis
market-analysis-cn
market-sentiment-pulse

💼 商业战略

business-development
business
startup

🎯 获客引流

lead-generation
lead-researcher

🛠️ 创业工具

startup-toolkit
startup-financial-modeling
competitor-analysis

输入参数

query: 搜索关键词（可选，默认 "opportunity"）
output_name: 输出文件名（可选，默认 "商业发现-${日期}"）

输出

HTML 报告文件（保存在 workspace 根目录）
Chromium 浏览器打开页面
全页截屏保存到 output 目录（文件名：${output_name}.jpg）

依赖

clawhub CLI
chromium-browser
puppeteer-core npm 包
WSL2 环境 + DISPLAY=:0

安装依赖

cd /home/xiaoduo/.openclaw/workspace-product/skills/business-opportunity-screenshot
npm install puppeteer-core

使用方法

# 基本用法
node scripts/screenshot.js

# 指定搜索关键词
node scripts/screenshot.js business

# 指定输出名称
node scripts/screenshot.js opportunity "商机报告-2026-03-16"

关键工具

1. ClawHub 搜索

clawhub search \x3C关键词>

2. 获取 Skill 详情

clawhub inspect \x3Cskill-slug>

3. 启动 Chromium（调试模式）

export DISPLAY=":0" && chromium-browser --remote-debugging-port=9222 \x3Curl>

4. Puppeteer 连接截屏

const puppeteer = require('puppeteer-core');
const browser = await puppeteer.connect({ browserURL: 'http://localhost:9222' });
await page.screenshot({ path: 'output.jpg', fullPage: true });

触发词

商机发现报告
商机 skills 截图
商业机会 skills 报告
生成商机发现页面并截屏

Usage Guidance

This skill appears to do what it says, but there are several red flags to consider before installing: (1) It assumes the clawhub CLI and chromium-browser are installed and requires you to run npm install puppeteer-core manually — the package metadata did not declare these requirements. (2) The script uses a hardcoded workspace path (/home/xiaoduo/.openclaw/workspace-product) for reading/writing output — on your system this may point to a different user or not exist; it could overwrite files if that path exists. (3) It launches Chromium with --remote-debugging-port=9222 and connects puppeteer to it; this opens a local debug port while running and increases risk. (4) The code executes shell commands (clawhub) via execSync; review these commands and outputs if you care about confidentiality. Recommendations: inspect the scripts locally, run the skill in an isolated environment (container or VM), adjust the workspace/output paths to a safe directory, ensure you trust the clawhub CLI source, and only run npm install in a controlled environment. If you need higher assurance, ask the author for an install spec and for removal of hardcoded paths.

Capability Analysis

Type: OpenClaw Skill Name: business-opportunity-screenshot Version: 1.0.0 The skill contains a critical command injection vulnerability in `scripts/screenshot.js` because user-provided arguments (`query` and `slug`) are passed unsanitized to `execSync` when calling the `clawhub` CLI. Additionally, the script relies on hardcoded absolute paths for a specific user (`/home/xiaoduo/`), which is a significant configuration flaw. While the code logic appears to follow the stated purpose of generating reports and screenshots, these vulnerabilities allow for arbitrary command execution if the agent is prompted with malicious input.

Capability Assessment

⚠ Purpose & Capability

Name/description match the behavior: the script calls clawhub, builds an HTML report, and uses puppeteer-core to capture a screenshot. However the registry metadata declares no required binaries/env or credentials while SKILL.md and the script require clawhub CLI, chromium-browser, DISPLAY/WSL2, and an npm dependency. That mismatch (no declared requirements but required at runtime) is incoherent.

⚠ Instruction Scope

SKILL.md and scripts instruct running shell commands (clawhub search/inspect, launching Chromium with --remote-debugging-port) and write output under a hardcoded workspace path (/home/xiaoduo/.openclaw/workspace-product). The script executes shell commands with execSync (15s timeout). The hardcoded absolute path and use of remote debugging broaden scope beyond a simple screenshot tool and could fail or misbehave on other hosts.

ℹ Install Mechanism

There is no formal install spec, but package.json/package-lock include puppeteer-core. SKILL.md tells users to run npm install manually. This is an inconsistency: dependencies exist but installation is left to the user. The package-lock pulls puppeteer-core and related packages from public npm (npmmirror registry), which is expected but requires network install; no direct downloads from suspicious URLs were found.

⚠ Credentials

The skill requests no credentials, which is appropriate. But it implicitly requires environment-specific items: clawhub CLI, chromium-browser, DISPLAY (WSL2), and a writable workspace at a specific absolute home path. Requiring a specific user's home path is disproportionate and fragile — it can expose or overwrite files in that location if present.

✓ Persistence & Privilege

The skill does not request always:true and does not declare system-wide persistence. It runs on demand. One operational risk: launching Chromium with --remote-debugging-port opens a local debug port (9222) which, while local, increases the attack surface while the browser is running.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install business-opportunity-screenshot
After installation, invoke the skill by name or use /business-opportunity-screenshot
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release: Generate a business opportunity skills report with full-page screenshot. - Searches for business opportunity–related skills via ClawHub API (auto-fallback to preset list on failure) - Produces a categorized, visually formatted HTML report - Launches Chromium to render the report and captures a full-page screenshot - Allows custom search keywords and output file naming - Outputs both the HTML report file and JPG screenshot for easy sharing

Metadata

Slug business-opportunity-screenshot

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Business Opportunity Screenshot?

Generate a business opportunity Skills report with ClawHub data, open it in Chromium, and capture a full-page screenshot saved to the output directory. It is an AI Agent Skill for Claude Code / OpenClaw, with 236 downloads so far.

How do I install Business Opportunity Screenshot?

Run "/install business-opportunity-screenshot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Business Opportunity Screenshot free?

Yes, Business Opportunity Screenshot is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Business Opportunity Screenshot support?

Business Opportunity Screenshot is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Business Opportunity Screenshot?

It is built and maintained by xingxiuye (@jakliao); the current version is v1.0.0.

More Skills