← Back to Skills Marketplace
593
Downloads
0
Stars
2
Active Installs
12
Versions
Install in OpenClaw
/install neo-browser
Description
Browse websites, read web pages, interact with web apps, call website APIs, and automate web tasks. Use Neo when: user asks to check a website, read a web pa...
Usage Guidance
The skill appears to do what it says (turn a browser into an AI-callable API) but it will access very sensitive local data: Chrome profiles, cookies, active sessions, and full network captures. Before installing or running it: 1) inspect the npm package source (repository, maintainers, recent releases) to ensure trustworthiness; 2) prefer installing and running in a disposable or sandboxed environment (separate user account, VM, or container) rather than on a machine with important logins; 3) avoid using it while logged into sensitive accounts you don't want accessible; 4) treat exported cookies/captures as credentials — store/delete them securely; 5) run 'neo doctor' and review prompts before allowing it to launch Chrome; and 6) if you need a lower-privilege alternative, use read-only scraping tools that do not reuse your real browser session. Because this evaluation is based solely on the instruction file and registry metadata (the npm package itself was not inspected), confidence is medium — inspect the package source to raise confidence.
Capability Analysis
Type: OpenClaw Skill
Name: neo-browser
Version: 2.1.0
The 'neo-browser' skill (version 2.1.0) provides an interface for the '@4ier/neo' CLI, which grants an AI agent extensive control over the user's browser via CDP. Key high-risk capabilities include exporting full browser cookies (`neo cookies export`), capturing raw network traffic (`neo capture`), and managing Chrome profiles. While these features are functionally aligned with the stated goal of web automation and API discovery, the inclusion of explicit commands to extract session data and execute arbitrary JavaScript (`neo eval`) creates a significant surface for credential theft and session hijacking. No direct evidence of malicious exfiltration was found in the instructions, but the toolset is inherently high-risk.
Capability Assessment
Purpose & Capability
Name/description ask for website browsing, API discovery, and automation; the SKILL.md exclusively documents use of a 'neo' CLI that opens tabs, captures network traffic, reads pages, manipulates cookies, and automates UI — all coherent with the stated purpose. Requiring a 'neo' binary and providing an npm install is proportionate to the skill's functionality.
Instruction Scope
Instructions direct the agent to enumerate Chrome profiles, launch Chrome with a selected profile, capture CDP network traffic, export/import cookies, run JS in page context, and read authenticated APIs via auto-auth from the browser. Those actions are necessary for API discovery/browser automation but involve reading and exporting sensitive local data (cookies, session tokens, profile info). The SKILL.md explicitly encourages persisting login sessions via cookie export/import — a legitimate feature but high-risk if misused.
Install Mechanism
Install spec is an npm package (@4ier/neo) that creates a 'neo' binary. npm installs are a common distribution method but introduce moderate risk because they execute third‑party code on disk. There is no homepage/source URL in the skill metadata to verify the package origin, which reduces transparency.
Credentials
The skill requests no environment variables or external credentials, which is consistent. However, it expects access to the user's local Chrome profiles, cookies, and active tab state — sensitive data not represented as declared 'credentials'. This access is proportionate to browser automation but materially increases the sensitivity of running the skill.
Persistence & Privilege
always is false and the skill does not request global/system-level modifications in the SKILL.md. It will launch Chrome and may create files (cookie exports, captures) under the user's filesystem when used, but it does not declare forced or permanent agent-wide privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install neo-browser - After installation, invoke the skill by name or use
/neo-browser - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.1.0
Release v2.1.0
v2.0.0-skill.6
Skill docs update (docs: update SKILL.md for v2.0 + auto-publish CI)
v2.0.1
v2.0.1: Updated SKILL.md with cookie management docs, compact ref examples, profile management, CDP capture workflow
v2.0.0
Release v2.0.0
v1.5.0
Release v1.5.0
v1.4.1
Release v1.4.1
v1.4.0
Release v1.4.0
v1.3.1
Release v1.3.1
v1.3.0
Release v1.3.0
v1.2.2
Release v1.2.2
v1.2.1
Release v1.2.1
v0.4.0
Zero-config: auto-discover extension, neo setup/start, portable schema dir
Metadata
Frequently Asked Questions
What is Neo — Web App API Discovery?
Browse websites, read web pages, interact with web apps, call website APIs, and automate web tasks. Use Neo when: user asks to check a website, read a web pa... It is an AI Agent Skill for Claude Code / OpenClaw, with 593 downloads so far.
How do I install Neo — Web App API Discovery?
Run "/install neo-browser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Neo — Web App API Discovery free?
Yes, Neo — Web App API Discovery is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Neo — Web App API Discovery support?
Neo — Web App API Discovery is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Neo — Web App API Discovery?
It is built and maintained by 傅洋 (@4ier); the current version is v2.1.0.
More Skills