← Back to Skills Marketplace
web3toolshub

chrome-cdp-skill

by Web3ToolsHub · GitHub ↗ · v1.0.6 · MIT-0
darwinlinuxwin32 ⚠ suspicious
478
Downloads
0
Stars
0
Active Installs
5
Versions
Install in OpenClaw
/install chrome-cdp-skill
Description
Interact with a local Chrome-family browser session over CDP when the user explicitly asks to inspect, debug, or interact with a page they already have open.
README (SKILL.md)

Chrome CDP

Lightweight Chrome DevTools Protocol CLI. Connects directly via WebSocket, does not need Puppeteer, and works well with large tab counts.

Prerequisites

  • Chrome (or Chromium, Brave, Edge, Vivaldi) with remote debugging enabled: open chrome://inspect/#remote-debugging and toggle the switch
  • Node.js 22+ (uses built-in WebSocket)
  • No Python or pip packages are required
  • No npm install step is required
  • If your browser's DevToolsActivePort is in a non-standard location, set CDP_PORT_FILE to its full path

Quick setup

  1. Open Chrome and keep it running.
  2. Open chrome://inspect/#remote-debugging.
  3. Turn on remote debugging.
  4. Keep the browser open while using this skill.
  5. Run {baseDir}/scripts/cdp.mjs list to confirm that tabs are visible.

On first access to a tab, Chrome may ask the user to approve debugging access.

Installation

  • Recommended: clawhub install chrome-cdp-skill
  • Manual: place this skill directory in your OpenClaw workspace skills/ folder
  • This skill does not require npm install, Python, or pip packages

Safety

This skill can inspect and control a real local browser session. Commands such as eval, evalraw, click, type, and nav are intentionally powerful and may trigger warnings from security scanners.

Only use this skill when the user explicitly wants you to inspect or operate pages they already have open. Assume those tabs may contain sensitive logged-in content.

The skill only works after the user enables Chrome remote debugging. On first access to a tab, Chrome may ask the user to approve debugging access.

Commands

All commands use {baseDir}/scripts/cdp.mjs. The \x3Ctarget> is a unique targetId prefix from list; copy the full prefix shown in the list output (for example 6BE827FA). The CLI rejects ambiguous prefixes.

List open pages

{baseDir}/scripts/cdp.mjs list

Take a screenshot

{baseDir}/scripts/cdp.mjs shot \x3Ctarget> [file]    # default: screenshot-\x3Ctarget>.png in runtime dir

Captures the viewport only. Scroll first with eval if you need content below the fold. Output includes the page's DPR and coordinate conversion hint (see Coordinates below).

Accessibility tree snapshot

{baseDir}/scripts/cdp.mjs snap \x3Ctarget>

Evaluate JavaScript

{baseDir}/scripts/cdp.mjs eval \x3Ctarget> \x3Cexpr>

Watch out: avoid index-based selection (querySelectorAll(...)[i]) across multiple eval calls when the DOM can change between them (e.g. after clicking Ignore, card indices shift). Collect all data in one eval or use stable selectors.

Other commands

{baseDir}/scripts/cdp.mjs html    \x3Ctarget> [selector]      # full page or element HTML
{baseDir}/scripts/cdp.mjs nav     \x3Ctarget> \x3Curl>           # navigate and wait for load
{baseDir}/scripts/cdp.mjs net     \x3Ctarget>                 # resource timing entries
{baseDir}/scripts/cdp.mjs click   \x3Ctarget> \x3Cselector>      # click element by CSS selector
{baseDir}/scripts/cdp.mjs clickxy \x3Ctarget> \x3Cx> \x3Cy>         # click at CSS pixel coords
{baseDir}/scripts/cdp.mjs type    \x3Ctarget> \x3Ctext>          # Input.insertText at current focus; works in cross-origin iframes unlike eval
{baseDir}/scripts/cdp.mjs loadall \x3Ctarget> \x3Cselector> [ms] # click "load more" until gone (default 1500ms between clicks)
{baseDir}/scripts/cdp.mjs evalraw \x3Ctarget> \x3Cmethod> [json] # raw CDP command passthrough
{baseDir}/scripts/cdp.mjs open    [url]                    # open new tab (each triggers Allow prompt)
{baseDir}/scripts/cdp.mjs stop    [target]                 # stop daemon(s)

Coordinates

shot saves an image at native resolution: image pixels = CSS pixels × DPR. CDP Input events (clickxy etc.) take CSS pixels.

CSS px = screenshot image px / DPR

shot prints the DPR for the current page. Typical Retina (DPR=2): divide screenshot coords by 2.

Tips

  • Prefer snap --compact over html for page structure.
  • Use type (not eval) to enter text in cross-origin iframes — click/clickxy to focus first, then type.
  • Chrome shows an "Allow debugging" modal once per tab on first access. A background daemon keeps the session alive so subsequent commands need no further approval. Daemons auto-exit after 20 minutes of inactivity.
Usage Guidance
This skill legitimately controls a local browser via Chrome's DevTools Protocol. Before installing: (1) Confirm you trust the skill source and review scripts/cdp.mjs (it runs locally and will create sockets/files under your home directory). (2) Only enable Chrome remote debugging when you intend to allow this access — remote debugging + eval/evalraw can execute arbitrary JS in pages (including pages where you're logged in). (3) Avoid using it on sensitive or production accounts unless you understand the implications. (4) If you need stronger assurance, run the script in an isolated account or VM and inspect the code for any unexpected network calls or telemetry.
Capability Analysis
Type: OpenClaw Skill Name: chrome-cdp-skill Version: 1.0.6 The skill provides a powerful interface for controlling a local Chrome browser via the DevTools Protocol (CDP), enabling arbitrary JavaScript execution (`eval`) and raw protocol commands (`evalraw`) through `scripts/cdp.mjs`. While the implementation is technically sound and includes local security precautions like restricted file permissions (0o700), the inherent capabilities allow an agent to access sensitive browser data, including cookies and authenticated sessions. The use of a background daemon and IPC via Unix sockets or named pipes provides persistent access to the browser, which is a high-risk capability that could be exploited if the agent is subjected to prompt injection.
Capability Assessment
Purpose & Capability
Name/description match the implemented behaviour: the script opens a local DevTools WebSocket, lists pages, screenshots, evaluates JS, clicks, navigates, and manages per-tab daemons. Required binary (node) and read access to browser DevToolsActivePort files are expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to run the included CLI (scripts/cdp.mjs) which reads DevToolsActivePort files, creates a runtime directory and sockets, and connects to the browser's local CDP WebSocket. This is necessary for operation but also means the skill can inspect and control content in any open tab once remote debugging is enabled; eval/evalraw commands allow executing arbitrary JS inside pages. The SKILL.md explicitly warns about sensitive content.
Install Mechanism
No install spec; instruction-only with a single Node script. Nothing is downloaded from external URLs during install and no package managers are required, so install risk is low.
Credentials
The skill requires only Node and optionally reads environment variables CDP_PORT_FILE and CDP_HOST (documented in SKILL.md) and uses home/XDG dirs for sockets/cache. It does not request secret tokens or unrelated credentials. Access to the user's home directory and runtime dirs is necessary for socket files and caching.
Persistence & Privilege
Does not request always:true and is not force-enabled. It spawns per-tab daemons and writes runtime files under a user-scoped directory; daemons auto-exit after idle. It does not modify other skills or global agent configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install chrome-cdp-skill
  3. After installation, invoke the skill by name or use /chrome-cdp-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
update
v1.0.5
change slug and name
v1.0.4
Clarify installation, dependencies, remote debugging setup, and security notes
v1.0.3
Clarify dependencies, remote debugging setup, and security notes
v1.0.2
Initial ClawHub release
Metadata
Slug chrome-cdp-skill
Version 1.0.6
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 5
Frequently Asked Questions

What is chrome-cdp-skill?

Interact with a local Chrome-family browser session over CDP when the user explicitly asks to inspect, debug, or interact with a page they already have open. It is an AI Agent Skill for Claude Code / OpenClaw, with 478 downloads so far.

How do I install chrome-cdp-skill?

Run "/install chrome-cdp-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is chrome-cdp-skill free?

Yes, chrome-cdp-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does chrome-cdp-skill support?

chrome-cdp-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created chrome-cdp-skill?

It is built and maintained by Web3ToolsHub (@web3toolshub); the current version is v1.0.6.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments