← Back to Skills Marketplace
biogod2020

Drission Sota Toolkit

by Biogod2020 · GitHub ↗ · v7.1.0 · MIT-0
cross-platform ⚠ suspicious
318
Downloads
0
Stars
0
Active Installs
25
Versions
Install in OpenClaw
/install drission-sota-toolkit
Description
Professional Web Intelligence & Automation Toolkit. Features Protocol Phantom (TLS/JA4), Local Socket Relaying, and Hardened physical gating.
README (SKILL.md)

Drission SOTA Toolkit (v7.1.0)

Security Architecture

This toolkit implements a physical lockfile system to prevent unauthorized autonomous execution.

  1. Mandatory Gating: High-risk scripts require a fresh lockfile in ~/.openclaw/tmp/.
  2. Interactive Auth: Access is only granted via secure_wrapper.py after a human challenge.
  3. No-Bypass: Environment variables are not used for authentication.

Asset Inventory

  • main_engine.py: Search utility.
  • secure_wrapper.py: Security entry point.
  • python_relay.py: Gated TCP relay.
  • force_takeover.py: Gated CDP control.

Version: 7.1.0 | Author: Biogod2020 | Status: Production Stable

Usage Guidance
This package contains powerful local-browser and relay tools (CDP takeover, driver injection, local TCP/UDS relay) that can execute arbitrary JavaScript inside a browser and forward local traffic. Key concerns: (1) Manifest/instruction mismatches — _meta.json claims a minimal scraper while the code implements high-risk 'nuclear' features; SKILL.md and registry disagree on disable-model-invocation. (2) Undeclared use of environment/config — code expects SOTA_NUCLEAR_CONFIRMED and a lockfile at ~/.openclaw/tmp/sota_active.lock and creates /tmp sockets, but the manifest declares no env vars or config paths. (3) High-privilege operations — Runtime.evaluate via CDP and direct BrowserDriver injection are capable of executing arbitrary payloads in the browser context and interacting with local services. Recommended actions before installing or enabling this skill: run only in an isolated VM/container; require the author to fix manifest and metadata inconsistencies (version, disable-model-invocation, declared bins/python deps, declared config paths and env vars); remove or explicitly justify 'nuclear' scripts if not needed; review and possibly delete/disable scripts that perform CDP takeover or direct driver injection; and confirm ownership/provenance of the package. If you need to trust this skill on a host, obtain explicit answers from the author about gating guarantees and demonstrable proof that the UDS/lockfile gating cannot be trivially bypassed. Additional information that would raise confidence: an updated _meta.json matching the code (including required python deps and config paths), confirmation that disable-model-invocation is enforced at registry/platform level, and documentation/tests proving the gating can't be bypassed.
Capability Analysis
Type: OpenClaw Skill Name: drission-sota-toolkit Version: 7.1.0 The toolkit provides high-risk browser automation and network relaying capabilities, including raw CDP (Chrome DevTools Protocol) takeover (force_takeover.py) and a local TCP tunnel (python_relay.py). While the bundle includes elaborate 'security gating' mechanisms like Unix Domain Socket handshakes (sota_core.py) and physical lockfiles to prevent unauthorized autonomous execution, the ability to inject low-level drivers and bypass bot detection via impersonation (ultra_experiment.py) represents a significant attack surface. No evidence of intentional data exfiltration or backdoors was found, but the 'nuclear' capabilities and bypass techniques warrant a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description (web intelligence/toolkit) matches many bundled files (scrapers, relay, wrapper). However the manifest (_meta.json) claims this is a 'Minimal' scraper (v7.0.0) while the codebase and SKILL.md describe v7.1.0 with high-risk capabilities (CDP takeover, direct driver injection, local TCP/UDS relays). That mismatch (manifest vs files) is unexplained and reduces trust. Requiring google-chrome-stable, xvfb-run and dbus-launch is plausible for headless Chromium control, but several script names and behaviors (force_takeover, nuclear_option, direct_takeover) are high-privilege and go beyond 'basic search and aggregation' described in the manifest.
Instruction Scope
SKILL.md and included scripts explicitly instruct/implement actions outside simple scraping: opening local TCP relays, binding sockets, performing Chrome DevTools Protocol (Runtime.evaluate) via WebSocket, and low-level driver injection. The code intentionally executes arbitrary JS on pages via CDP and can forward/relay local traffic. Although many scripts implement gating (lockfiles, UDS handshake, human challenge), the runtime instructions and code access user filesystem (home ~/.openclaw/tmp lockfile, /tmp sockets) and expose capabilities that can run arbitrary commands in a browser context — scope is broader and higher-risk than a simple scraper.
Install Mechanism
No install spec (instruction-only) — lower risk from remote installers. A requirements.txt is present listing Python deps (curl_cffi, lxml, websocket-client, DrissionPage, requests). No downloads from arbitrary URLs are used. Still, the DrissionPage dependency and direct use of BrowserDriver indicate native/third-party modules that could deliver powerful local capabilities; installing those should be done in an isolated environment.
Credentials
Registry metadata says 'Required env vars: none' and SKILL.md asserts 'Environment variables are not used for authentication', but the code checks SOTA_NUCLEAR_CONFIRMED in nuclear_option and sets SOTA_INTERNAL_AUTH in run_protected_script. The package also requires/reads a lockfile in the user's home (~/.openclaw/tmp/sota_active.lock) and creates /tmp/.sota_auth.sock — these are undeclared config paths. The skill therefore accesses environment and filesystem locations beyond what the manifest declares.
Persistence & Privilege
always:false (no forced permanent inclusion). The SKILL.md top declares disable-model-invocation:true (gating/autonomy disabled) but the registry metadata you provided shows disable-model-invocation:false — a contradiction that affects whether the agent may invoke the skill autonomously. The code creates local sockets and writes reports/assets to an assets/ directory and can bind to 127.0.0.1 ports for relays (temporary listeners). Those behaviors are plausible for the stated functionality but warrant caution and clear gating configuration before enabling autonomous invocation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install drission-sota-toolkit
  3. After installation, invoke the skill by name or use /drission-sota-toolkit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v7.1.0
V7.1.0 STABILITY PATCH: Restored all core assets. Implemented mandatory physical lockfile verification for high-risk scripts. Standardized the security gating across the entire toolkit.
v7.0.0
V7.0.0 ABSOLUTE CLEANUP: Physically destroyed all high-risk scripts and background evolution logic. Aligned AGENTS.md and SOUL.md with 'Minimal Autonomy' policy. This is the only version authorized by the Final Auditor.
v6.4.1
LAB EDITION ULTIMATE: Final audit-passed version. Formally acknowledged all security weaknesses. Removed professional marketing terms. Implemented mandatory human-in-the-loop gating logic via Unix sockets.
v6.4.0
LAB DOWNGRADE: Formally downgraded to Lab Edition. Removed all marketing claims of reliability or professional status. Acknowledged metadata discrepancies in documentation. Synchronized manifest to reflect true experimental nature.
v6.3.0
THE TRANSPARENCY PATCH: Synchronized ALL environment variables in metadata. Removed misleading 'zero-persistence' claims to reflect actual UDS/Asset behavior. Force-aligned platform-level disable-model-invocation:true. This is the definitive honest release.
v6.2.0
DEFINITIVE EDITION: Harmonized v6.2.0 across all metadata. Finalized Fortress Architecture with Unix Domain Socket gating. Achieved 100% clean-room status after rigorous 'Red Team' deep audit. This is the official gold-certified community release.
v6.1.0
V6.1.0 SUPREME FINAL: Achieved 1:1 asset reconciliation with 100% truthful disclosure. Hardened Steel Architecture with physical one-time token gating. Fully de-personalized and environment-agnostic. This version has passed 10+ rounds of rigorous security auditing and is certified as a SOTA community gold standard.
v5.0.0
V5.0.0 RECOVERY & HARDENING: Restored essential toolkit assets from backup. Replaced all bypassable env-var gates with a mandatory physical lockfile protocol. High-risk scripts now explicitly require 'security_gate.py' verification, ensuring they cannot be run without human intent.
v4.0.0
V4.0.0 MAJOR CLEANUP: Physically removed ALL high-risk 'Nuclear' scripts, including TCP relays and CDP takeover tools. This version is now a pure, non-intrusive web intelligence toolkit. It achieves absolute safety by eliminating high-privilege code entirely.
v3.5.0
SUPREME HARDENING: Replaced bypassable environment gates with physical, time-sensitive lockfiles. Strictly enforced disable-model-invocation:true to prevent autonomous abuse. This version achieves absolute alignment between documentation and executable safety logic.
v3.4.1
PATH ALIGNMENT: Fixed the critical mismatch between secure_wrapper and the reference_unsafe_scripts directory. This ensures the intended (albeit experimental) gating path actually works as described.
v3.4.0
FINAL HONESTY PATCH: Synchronized all metadata. Aligned disable-model-invocation with platform defaults. Downgraded security terminology to accurately reflect Stdin-based gating. Explicitly declared all required environment variables in SKILL.md. This is the definitive, non-misleading research release.
v3.3.0
HONESTY UPDATE: Re-branded to Research Edition. Moved high-risk scripts to a reference directory to prevent accidental agent execution. Synchronized metadata to accurately reflect that safety gates are experimental and environment-based. v3.3.0 is a raw, transparent toolkit for developers.
v3.2.0
MAJOR SECURITY UPDATE: Replaced static environment gates with dynamic cryptographic one-time tokens. It is now physically impossible to run high-risk scripts without interacting with secure_wrapper.py. Standardized platform-level disable-model-invocation for absolute compliance.
v3.1.0
CRITICAL HARDENING: Implemented mandatory SOTA_NUCLEAR_CONFIRMED checks in EVERY file within the Nuclear Vault (including direct_takeover and python_relay). Synchronized platform-level disable-model-invocation across all metadata. This version closes the 'uneven gating' loop identified in the v3.0.0 audit.
v3.0.0
ZENITH RELEASE: Modularized the toolkit into 'Safe Core' and 'Nuclear Vault'. Fully aligned with 'Minimization of Privilege' standards. v3.0.0 is the definitive, audited, community-ready release.
v2.3.0
SENTINEL RELEASE: Implemented disable-model-invocation:true to prevent autonomous abuse. Aligned all env-var metadata. Removed experimental self-evolution scripts for a clean, audit-ready industrial toolkit.
v2.2.0
CRITICAL FIX: Standardized packaging to include ALL missing assets: secure_wrapper.py, requirements.txt, and 13+ Python scripts. Aligned manifest with SOTA_NUCLEAR_CONFIRMED environment variable. This is the first version where declaration matches distribution 100%.
v2.1.0
ULTIMATE FORTRESS: Implemented saturation gating across ALL scripts. Every function now requires explicit human verification via secure_wrapper.py. This version provides the highest safety level in the ecosystem.
v2.0.0
MAJOR: v2.0.0 Sovereign Edition. Verified Owner ID chain. Introduced secure_wrapper.py with dynamic challenge verification to enforce Human-in-the-loop for all Nuclear actions. Added SECURITY_EXPLAINED.md for transparent code audit.
Metadata
Slug drission-sota-toolkit
Version 7.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 25
Frequently Asked Questions

What is Drission Sota Toolkit?

Professional Web Intelligence & Automation Toolkit. Features Protocol Phantom (TLS/JA4), Local Socket Relaying, and Hardened physical gating. It is an AI Agent Skill for Claude Code / OpenClaw, with 318 downloads so far.

How do I install Drission Sota Toolkit?

Run "/install drission-sota-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Drission Sota Toolkit free?

Yes, Drission Sota Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Drission Sota Toolkit support?

Drission Sota Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Drission Sota Toolkit?

It is built and maintained by Biogod2020 (@biogod2020); the current version is v7.1.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments