← Back to Skills Marketplace
dongxingao

xiaoya-auto-doing

by dongxingao · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
141
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ya
Description
Automate login and page capture for WHUT AI Augmented sites using agent-browser. Use when handling whut.ai-augmented.com or its subdomains, especially to ope...
Usage Guidance
This skill appears to implement browser-driven login and page capture for whut.ai-augmented.com, but there are a few red flags to consider before installing or using it: - The script calls the external 'agent-browser' CLI, but the skill metadata does not list that binary as required. Verify you have a trusted agent-browser binary installed and understand its permissions. - SKILL.md mentions a 'scripts/whut-open' wrapper that is not present in the provided file manifest. Confirm which file you should run (scripts/auto_login.py is present and appears to be the main script). - The skill reads credentials from WHUT_USERNAME/WHUT_PASSWORD or from a local JSON file. Do NOT store real credentials inside the skill package. Prefer environment variables or a secure secret store, and use a throwaway/test account when first trying the skill. - The tool captures full page text and saves it to latest_page_dump.json, which may include sensitive or personally identifiable information. Treat those outputs as sensitive local data. - Because the code uses subprocess to call agent-browser, inspect and trust that CLI (and its network/browser behavior) before running. Run the skill in a restricted environment (e.g., dedicated VM or container) if you are uncertain about origin/trust. If you want to proceed safely: (1) confirm/put agent-browser on PATH from a trusted source, (2) do not place real credentials in the skill folder, (3) test with a non-sensitive account first, and (4) inspect runtime outputs for unexpected network calls or sensitive data being written or transmitted.
Capability Analysis
Type: OpenClaw Skill Name: ya Version: 1.0.0 The skill bundle is designed to automate authentication and data extraction for the WHUT AI Augmented platform. The primary script, `scripts/auto_login.py`, uses the `agent-browser` utility to handle login forms and capture page content into a local JSON file. While the skill handles sensitive credentials, it does so through standard mechanisms (environment variables or a local configuration file) and lacks any indicators of exfiltration, obfuscation, or unauthorized remote execution.
Capability Assessment
Purpose & Capability
The Python script's behavior matches the stated purpose (open pages, dismiss popups, fill credentials, capture page text). However the skill metadata declares no required binaries while the script calls an external CLI 'agent-browser' — that required binary is not listed. The SKILL.md also references a convenience wrapper 'scripts/whut-open' that is not present in the file manifest. These packaging/declaration mismatches are inconsistent with the stated purpose.
Instruction Scope
Runtime instructions and the script limit their actions to driving agent-browser, reading credentials from environment or a local secret file, and writing a JSON page dump. The script does not send captured data to remote endpoints itself. This scope is consistent with automating browser login and capture, but it will collect full page text (potentially including sensitive info) and save it to latest_page_dump.json — users should expect capture/exfiltration of page content to local disk.
Install Mechanism
There is no install spec (instruction-only plus one script file). Nothing is downloaded or extracted during install. This is lower risk, but the script requires the agent-browser CLI at runtime which the package does not declare.
Credentials
The script legitimately needs WHUT_USERNAME/WHUT_PASSWORD or a path to a local secret file. Those credential sources are described in SKILL.md and used by the code, but the skill metadata does not declare any required environment variables. Also the skill suggests storing secrets in a file under the skill folder (./local/whut_ai_secret.json) which is a poor practice — packaging or placing credentials inside a skill folder increases risk of accidental disclosure.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes runtime output and may create/read a local secret file within its own folder, but it does not modify other skills or global configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ya
  3. After installation, invoke the skill by name or use /ya
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of auto-xiaoya-doing skill. - Automates login and page capture for WHUT AI Augmented sites using agent-browser. - Supports credential input via environment variables or local secret files. - Provides scripts for opening target pages, bypassing popups, and capturing page questions/text. - Captured page data is saved to latest_page_dump.json for further analysis. - Includes documentation and workflow guidelines for effective use and automation. 第一个版本应该bug很多。 某些模型有道德限制,不愿意帮你,不知道怎么解决。 目前的版本需要你把完整的作业页面的URL发给它,基于agent browser登陆浏览器,然后完成任务。 有点麻烦。 正在尝试发明全自动化skill。
Metadata
Slug ya
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is xiaoya-auto-doing?

Automate login and page capture for WHUT AI Augmented sites using agent-browser. Use when handling whut.ai-augmented.com or its subdomains, especially to ope... It is an AI Agent Skill for Claude Code / OpenClaw, with 141 downloads so far.

How do I install xiaoya-auto-doing?

Run "/install ya" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is xiaoya-auto-doing free?

Yes, xiaoya-auto-doing is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does xiaoya-auto-doing support?

xiaoya-auto-doing is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created xiaoya-auto-doing?

It is built and maintained by dongxingao (@dongxingao); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments