← Back to Skills Marketplace

Silmaril Ranger

Name: Silmaril Ranger
Author: malac12

by Malac12 · GitHub ↗ · v1.0.2 · MIT-0

cross-platform ⚠ suspicious

378

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install silmaril-cdp

Description

Browser automation, DOM inspection, page mutation, wait orchestration, flow execution, and local proxy override work through the Silmaril Chrome DevTools Pro...

Usage Guidance

This skill is coherent for local browser automation, but you should take three precautions before using it: (1) Review the GitHub repository contents (Malac12/CDP-tools) before cloning or running any scripts — silmaril.cmd will invoke PowerShell with ExecutionPolicy Bypass which will execute code on your machine. (2) Avoid using eval-js and proxy commands unless you fully trust the target site and understand MITM risks; do not set SILMARIL_ALLOW_UNSAFE_JS or SILMARIL_ALLOW_MITM globally unless in a controlled/trusted environment. (3) Run initial experiments in an isolated environment (VM or disposable account) and verify the exact local paths (docs contain typos like 'silmairl') before granting approval to fetch or execute remote code.

Capability Analysis

Type: OpenClaw Skill Name: silmaril-cdp Version: 1.0.2 The skill bundle provides a wrapper for the 'Silmaril CDP' toolkit, which includes high-risk capabilities such as arbitrary JavaScript execution (eval-js) and local traffic interception/modification via mitmproxy (proxy-override). It instructs the agent to download the toolkit from an external GitHub repository (github.com/Malac12/CDP-tools.git) and executes commands using PowerShell with 'ExecutionPolicy Bypass'. While the instructions include safety warnings and require explicit flags for risky actions, the combination of remote code fetching, traffic manipulation, and hardcoded local paths (e.g., C:\Users\hangx\) warrants a suspicious classification.

Capability Assessment

✓ Purpose & Capability

Name/description (CDP browser automation, DOM reading/mutation, flows, local proxy overrides) matches the SKILL.md and reference files. The instructions, commands, and referenced files all relate to driving a local Silmaril CDP toolkit; nothing requests unrelated cloud credentials or unrelated binaries.

ℹ Instruction Scope

The SKILL.md instructs the agent to locate and run a local silmaril.cmd and, if missing, to clone https://github.com/Malac12/CDP-tools.git after explicit user approval. It explicitly calls out high-risk commands (eval-js and proxy commands) and recommends flags or env vars to limit risk. The skill does not instruct reading unrelated system files or exfiltrating data, but it does rely on executing PowerShell scripts (silmaril.cmd) which will run code on the host — review is advised.

ℹ Install Mechanism

There is no formal install spec; the skill is instruction-only. The suggested install uses git clone from a GitHub repository (a well-known host), and the SKILL.md insists on explicit user approval before fetching remote code. This is acceptable but the actual repository contents must be reviewed prior to running. The file paths in the docs contain typos (e.g., 'D:\silmairl cdp') which merit attention.

✓ Credentials

The skill does not require environment variables or credentials. It documents optional environment toggles (SILMARIL_ALLOW_UNSAFE_JS, SILMARIL_ALLOW_MITM) for enabling risky behaviors; these are optional and their use is appropriately cautioned in the instructions.

✓ Persistence & Privilege

always is false, no install-time persistence is requested by the skill itself, and there is no instruction to modify other skills or system-wide settings beyond running the local toolkit. Autonomous model invocation is enabled by default but is not combined with other privilege-escalating requests.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install silmaril-cdp
After installation, invoke the skill by name or use /silmaril-cdp
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.2

### Security - Added explicit safeguard enforcement for high-risk commands. - eval-js now requires --allow-unsafe-js, or SILMARIL_ALLOW_UNSAFE_JS=1 in a trusted local session. - proxy-override, proxy-switch, and openurl-proxy now require --allow-mitm, or SILMARIL_ALLOW_MITM=1 in a trusted local session. - Proxy helper commands now enforce loopback-only binding by default. Non-local proxy binding requires explicit --allow-nonlocal-bind. ### Changed - Updated eval-js to record the safeguard acknowledgement source in JSON output. - Updated proxy commands to record the safeguard acknowledgement source in JSON output. - Updated dispatcher help text to show the new safeguard flags in command usage. - Updated the openurl-proxy missing-rules guidance to show the new --allow-mitm requirement. ### Documentation - Updated the silmaril-cdp skill documentation to mark eval-js, proxy-override, proxy-switch, and openurl-proxy as high-risk commands. - Added guidance that cloning or installing the toolkit should only happen after explicit user approval. - Updated command examples in the skill references, COMMAND_GUIDE.md, and MITM docs to include the new safeguard flags. - Documented the new environment variable overrides for trusted local sessions. ### Tests - Added unit tests for high-risk safeguard enforcement on eval-js, openurl-proxy, proxy-override, and proxy-switch. - Added unit tests for shared helper behavior covering truthy opt-in values and loopback host validation. - Verified the unit test suite passes after the safeguard changes.

v1.0.1

- Removed four reference and agent files, including documentation and configuration (openai.yaml, command-patterns.md, flows.md, proxy.md). - Updated documentation to add a section on installing the toolkit if missing, with Windows setup instructions. - Default workflow, operating rules, and command selection remain unchanged. - References to removed Markdown files are still mentioned in documentation.

v1.0.0

Initial release of Silmaril CDP skill. - Enables browser automation using Silmaril's Chrome DevTools Protocol toolkit. - Supports DOM inspection, page mutation, wait orchestration, flow execution, and local proxy management. - Details preferred command usage and best practices for stable automation. - Provides guidance on toolkit location, PowerShell invocation, and workflow steps. - Includes references to example command patterns, flows, and proxy configurations.

Metadata

Slug silmaril-cdp

Version 1.0.2

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 3

Frequently Asked Questions

What is Silmaril Ranger?

Browser automation, DOM inspection, page mutation, wait orchestration, flow execution, and local proxy override work through the Silmaril Chrome DevTools Pro... It is an AI Agent Skill for Claude Code / OpenClaw, with 378 downloads so far.

How do I install Silmaril Ranger?

Run "/install silmaril-cdp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Silmaril Ranger free?

Yes, Silmaril Ranger is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Silmaril Ranger support?

Silmaril Ranger is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Silmaril Ranger?

It is built and maintained by Malac12 (@malac12); the current version is v1.0.2.

More Skills