← Back to Skills Marketplace
Browser Search
by
中国山东肥城林水科技
· GitHub ↗
· v1.0.7
· MIT-0
697
Downloads
0
Stars
8
Active Installs
8
Versions
Install in OpenClaw
/install browser-search
Description
浏览器搜索技能 - 安全的网页搜索工具 使用本地浏览器进行自动化搜索和内容提取 支持 Bing、Google、Baidu、DuckDuckGo 等公开搜索引擎 无需 API 配置,路径输出受限
README (SKILL.md)
Browser Search 技能
使用本地浏览器进行安全的网页搜索和内容提取。
安全说明
仅用于合法用途,严格遵守以下限制:
- ✅ 仅访问公开搜索引擎:Bing、Google、Baidu、DuckDuckGo
- ✅ 路径输出受限:结果文件只能保存到用户主目录
- ✅ 无危险函数:不使用 eval/exec 等危险函数
- ✅ 严格的超时控制:防止无限等待
- ❌ 禁止访问敏感站点:仅支持公开搜索引擎
- ❌ 禁止爬取私有内容:仅提取搜索结果摘要
核心功能
- 🔍 多搜索引擎支持:Bing、Google、Baidu、DuckDuckGo
- 📄 内容提取:自动提取搜索结果标题和链接
- 💾 结果保存:保存到 JSON/TXT/MD 文件(路径受限)
使用场景
- 查找最新新闻和资讯
- 搜索技术文档和教程
- 市场调研(仅限公开信息)
触发词
- "搜索..."
- "查找..."
- "用浏览器搜索..."
- "帮我找..."
快速开始
# 基本搜索
browser-search "人工智能 2026"
# 指定引擎
browser-search "AI 趋势" --engine bing
# 保存结果
browser-search "Python 教程" --output ~/results.json --max 5
注意事项
- 需要本地 Chromium 浏览器
- 结果可能受地区限制
- 仅用于合法合规用途
- 输出文件路径必须在用户主目录
Usage Guidance
This skill appears to do what it says (use a local Chromium via Playwright to grab search result titles/links), but it will write output to any file you point to under your home directory. Before installing or running it: (1) review the browser-search.py code yourself or in a safe environment; (2) never pass a path that could overwrite sensitive files (e.g., ~/.ssh/*, shell profile files, or other secrets); (3) prefer running it in a constrained account or container so the home directory does not contain sensitive data; (4) be aware of TOCTOU/symlink risks — avoid running it where untrusted processes can change files between validation and write; (5) install Playwright and Chromium from official sources and run the tool manually first to confirm behavior. If you need stricter guarantees, request the author add a filename whitelist (e.g., only ~/.local/share/browser-search/*.json), atomic write-to-temp-then-rename behavior, and explicit refusal to overwrite existing files.
Capability Analysis
Type: OpenClaw Skill
Name: browser-search
Version: 1.0.7
The browser-search skill bundle is a legitimate tool for automating web searches via Playwright. The code in browser-search.py implements explicit security controls, such as validating that output files are restricted to the user's home directory and avoiding dangerous functions like eval or exec. No evidence of data exfiltration, malicious persistence, or prompt injection was found across the script or documentation.
Capability Assessment
Purpose & Capability
The name/description (local browser search using Playwright/Chromium) matches the provided code. Minor inconsistency: registry metadata lists no required binaries/env, but SKILL.md and requirements.txt explicitly state Playwright and Chromium are required. This is an implementation/metadata mismatch rather than an outright functional contradiction.
Instruction Scope
The code restricts output paths to the user's home directory, but otherwise will write arbitrary JSON to any path under the home directory (including hidden/sensitive files like ~/.ssh/ or dotfiles) if given that path. The runtime does not enforce filename whitelists or type-checking of destination files and is vulnerable to TOCTOU (validate then write) / symlink risks. The code visits only search engine result pages and does not follow links, and it does not read other system files or environment variables beyond normal runtime — that part is consistent with the stated scope.
Install Mechanism
There is no install spec in the registry (instruction-only), but the package contains requirements.txt and the SKILL.md and code state Playwright + Chromium are required. Because installation is left to the user, this is moderate friction but not unexpected — just ensure Playwright and its browsers are installed from official sources.
Credentials
The skill requests no environment variables or external credentials (appropriate). However, allowing write access to any file under the user's home directory is broader than the 'results-only' claim in the SKILL.md: sensitive files under home could be overwritten. There is no protection against a user or calling process specifying a path that would expose or overwrite secrets.
Persistence & Privilege
always:false and no special persistence or cross-skill configuration changes. The skill does not request elevated or persistent privileges and does not modify other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install browser-search - After installation, invoke the skill by name or use
/browser-search - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
- Updated metadata in _meta.json; no changes to features or functionality.
- No impact on user experience or usage.
v1.0.6
- Internal metadata updated; no user-facing functionality changes.
- All features and documentation remain unchanged.
- Safe, multi-engine browser search continues as before.
v1.0.5
browser-search v1.0.5
- Added _meta.json file for improved metadata management.
- Updated documentation with stricter safety requirements and clearer guidance.
- Refined function descriptions: streamlined supported features and limitations for clarity.
- Ensured continued restriction on file output location and public search engines only.
v1.0.4
browser-search v1.0.4
- Added FIX_NOTES.md for better tracking of fixes and changes.
- Updated version history and documentation to reflect recent fixes and improvements.
- Minor adjustments to descriptions and file organization.
v1.0.3
Version 1.0.3
- Security further enhanced: reduced use of suspicious patterns and improved safety measures.
- Output paths now restricted to user home directory only.
- Removed potentially dangerous code (e.g., eval/exec), simplified network logic, and improved timeout handling.
- Support limited to public search engines and non-sensitive sites.
- Documentation updated to reflect safer behavior and usage restrictions.
v1.0.2
browser-search 1.0.2
- Maintenance update with no user-facing feature changes.
- Documentation and skill metadata remain unchanged in this release.
v1.0.1
- Fixed a security vulnerability that allowed arbitrary file writes via the --output parameter.
- Output file paths are now restricted to the user's home directory and its subdirectories.
- Output outside the home directory (e.g. system folders) is blocked to prevent misuse.
- Updated documentation to reflect the new security restrictions and safer usage instructions.
- Added a requirements.txt file; removed README.md.
v1.0.0
browser-search v1.0.0
- 初始发布,支持通过本地浏览器自动化多搜索引擎检索与内容提取
- 支持 Bing、Google、Baidu、DuckDuckGo 等多种搜索引擎
- 提供搜索结果自动提取、摘要生成与链接采集
- 支持结果保存、分页浏览和关键词过滤
- 可自定义和设置默认搜索引擎
Metadata
Frequently Asked Questions
What is Browser Search?
浏览器搜索技能 - 安全的网页搜索工具 使用本地浏览器进行自动化搜索和内容提取 支持 Bing、Google、Baidu、DuckDuckGo 等公开搜索引擎 无需 API 配置,路径输出受限. It is an AI Agent Skill for Claude Code / OpenClaw, with 697 downloads so far.
How do I install Browser Search?
Run "/install browser-search" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Browser Search free?
Yes, Browser Search is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Browser Search support?
Browser Search is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Browser Search?
It is built and maintained by 中国山东肥城林水科技 (@linshuikeji); the current version is v1.0.7.
More Skills