← Back to Skills Marketplace

chrome-cdp

Name: chrome-cdp
Author: adminlove520

by Anonymous · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

858

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install chrome-cdp

Description

通过Chrome远程调试协议访问已打开的Chrome标签页，支持读取登录状态页面及与真实页面交互操作。

README (SKILL.md)

chrome-cdp-skill

让AI agent访问你已打开的Chrome标签页

简介

chrome-cdp-skill 通过Chrome远程调试协议(CDP)连接你已经在用的Chrome会话，让AI可以：

读取已登录账户的页面(Gmail、GitHub等)
与你正在工作的标签页交互
查看真实页面状态（非重新加载的干净状态）

安装

前提条件

Chrome浏览器
Node.js 22+

启用Chrome远程调试

在Chrome地址栏输入：chrome://inspect/#remote-debugging
打开"启用远程调试"开关

安装Skill

# 克隆仓库
git clone https://github.com/pasky/chrome-cdp-skill.git
cd chrome-cdp-skill

# 或复制 skills/chrome-cdp/ 目录到你的agent skills目录

使用方法

基本命令

# 列出打开的标签页
node scripts/cdp.mjs list

# 截图
node scripts/cdp.mjs shot \x3CtargetId>

# 获取可访问性树
node scripts/cdp.mjs snap \x3CtargetId>

# 获取HTML
node scripts/cdp.mjs html \x3CtargetId> [".selector"]

# 点击元素
node scripts/cdp.mjs click \x3CtargetId> "selector"

# 输入文字
node scripts/cdp.mjs type \x3CtargetId> "text"

# 导航
node scripts/cdp.mjs nav \x3CtargetId> https://...

# 评估JavaScript
node scripts/cdp.mjs eval \x3CtargetId> "expression"

# 网络资源计时
node scripts/cdp.mjs net \x3CtargetId>

# 加载更多（点击"加载更多"直到消失）
node scripts/cdp.mjs loadall \x3CtargetId> "selector"

获取targetId

首先运行 list 命令获取标签页的targetId：

$ node scripts/cdp.mjs list
TargetID  Title                     URL
---------  -----                     ---
abc123def  Gmail - Google Account   https://mail.google.com/...
def456ghi  GitHub                   https://github.com/...

然后用targetId前缀操作：

node scripts/cdp.mjs snap abc
node scripts/cdp.mjs click abc "#compose"
node scripts/cdp.mjs type abc "Hello World"

与OpenClaw集成

方法1：直接调用脚本

在OpenClaw中通过exec调用：

node /path/to/chrome-cdp-skill/scripts/cdp.mjs list

方法2：创建MCP服务器

可以将其封装为MCP服务器供OpenClaw调用。

方法3：创建OpenClaw Skill

参考 skills/chrome-cdp/index.js 创建完整Skill。

优势对比

特性	chrome-cdp	Puppeteer类工具
浏览器	已有Chrome	新启动浏览器
登录状态	保持	需重新登录
页面状态	真实状态	干净状态
标签页数量	100+不卡	容易超时
依赖	仅Node.js	Puppeteer+浏览器

注意事项

首次访问标签页时，Chrome会弹出"允许调试"确认框
守护进程20分钟无活动自动退出
目标ID只需唯一前缀即可匹配

参考

GitHub: https://github.com/pasky/chrome-cdp-skill
作者: pasky
Stars: 1000+

Usage Guidance

Do not install blindly. Before using: (1) Note that the packaged index.js expects scripts/cdp.mjs which are not included — SKILL.md tells you to git-clone a GitHub repo; audit that repository and the scripts/cdp.mjs file before pulling or running anything. (2) The code constructs a shell command by joining arguments and calls execSync — this is vulnerable to command injection if untrusted input reaches the functions. Ask the author to switch to spawn/execFile with argument arrays or properly escape inputs. (3) Because the skill can read your open, logged-in web pages, only run it on a trusted machine and consider using an isolated environment/profile. (4) If you need this functionality but want lower risk, prefer an implementation that bundles its runtime scripts, documents checksums, and avoids shell-string execution. If you proceed, review scripts/cdp.mjs, pin/verify commits, and restrict automatic/autonomous invocation until you are confident about the code.

Capability Analysis

Type: OpenClaw Skill Name: chrome-cdp Version: 1.0.0 The skill provides high-risk capabilities by allowing an AI agent to control and read data from a user's active Chrome session (including authenticated sites like Gmail). A critical shell injection vulnerability exists in index.js, where execSync is used to execute commands with unsanitized arguments. Additionally, the skill is incomplete and requires the user to clone an external repository (https://github.com/pasky/chrome-cdp-skill), which introduces a supply chain risk.

Capability Assessment

⚠ Purpose & Capability

Name/description match the code's intent (control Chrome via CDP). However index.js expects a helper script at scripts/cdp.mjs that is not present in the package; SKILL.md instructs users to git clone https://github.com/pasky/chrome-cdp-skill to obtain missing files. Requiring an external repo at runtime (not bundled) is an inconsistency and forces fetching and running unvetted code to make the skill functional.

⚠ Instruction Scope

SKILL.md's runtime instructions are focused on enabling remote debugging and running the included scripts, which is within scope. But index.js runs child processes via execSync by building a single shell string (cmd.join(' ')) from user-supplied arguments (targetId, selectors, expressions). This is a command-injection risk: specially crafted inputs could execute arbitrary shell commands. The skill also promises access to logged-in pages (sensitive data) — expected for purpose but high-risk in practice.

ℹ Install Mechanism

There is no formal install spec in the package; SKILL.md directs users to git-clone a GitHub repo to obtain required scripts. Fetching additional code from GitHub is common but still a supply-chain step that should be audited. The packaged index.js alone is insufficient to function, so the user must pull external code before use.

ℹ Credentials

The skill does not request environment variables or credentials, which is proportionate. However, its legitimate functionality requires access to the user's running Chrome and will read the contents of logged-in pages (Gmail, GitHub, etc.), which is inherently sensitive — users should consider whether exposing those pages to an agent is acceptable.

✓ Persistence & Privilege

The skill is not marked always:true and does not request system-wide config changes or persistent privileges. It does execute commands locally but does not itself claim to persist or modify other skills.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install chrome-cdp
After installation, invoke the skill by name or use /chrome-cdp
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of chrome-cdp-skill. - Enables AI agents to access and interact with your open Chrome tabs using the Chrome DevTools Protocol (CDP). - Supports reading logged-in pages, interacting with live tabs, and accessing actual in-use page states. - Provides a command-line interface to list tabs, take screenshots, extract HTML, click elements, type, navigate, and evaluate JavaScript. - Integrates with OpenClaw via direct script execution, MCP server, or as a Skill. - Requires Chrome with remote debugging enabled and Node.js 22+.

Metadata

Slug chrome-cdp

Version 1.0.0

License MIT-0

All-time Installs 12

Active Installs 11

Total Versions 1

Frequently Asked Questions

What is chrome-cdp?

通过Chrome远程调试协议访问已打开的Chrome标签页，支持读取登录状态页面及与真实页面交互操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 858 downloads so far.

How do I install chrome-cdp?

Run "/install chrome-cdp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is chrome-cdp free?

Yes, chrome-cdp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does chrome-cdp support?

chrome-cdp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created chrome-cdp?

It is built and maintained by Anonymous (@adminlove520); the current version is v1.0.0.

More Skills