← Back to Skills Marketplace
tappi
by
shaihazher
· GitHub ↗
· v3.5.0
811
Downloads
0
Stars
1
Active Installs
10
Versions
Install in OpenClaw
/install tappi
Description
Lightweight CDP browser control for AI agents. Token-efficient alternative to the built-in browser tool — 3-10x fewer tokens per interaction. Use when browsi...
Usage Guidance
This package appears to implement what it says (a lightweight CDP CLI) but exercise caution before installing:
- The tool requires Node.js/npm and a Chrome/Chromium with --remote-debugging-port; the registry metadata did not declare Node as a required binary — confirm you want to run Node scripts from this skill.
- The CLI can read local files (paste --file) and inject files into web pages (upload), and it can execute arbitrary JS in pages (eval). These behaviors are necessary for its features but can expose sensitive files or send data to external sites if misused. Do not run it with a browser profile that has signed-in accounts or sensitive cookies unless you trust the code and environment.
- The CDP endpoint defaults to localhost, but CDP_URL can be changed; avoid pointing it at untrusted remote endpoints.
- Review the full scripts/browser.js (and any truncated parts) yourself or run in an isolated environment (container or VM) before giving it access to real data or profiles.
- If you decide to proceed: run the install step yourself (cd scripts && npm install), inspect installed node_modules (ws), and consider restricting the browser profile used (use a disposable profile or containerized browser).
Capability Analysis
Type: OpenClaw Skill
Name: tappi
Version: 3.5.0
The skill is suspicious due to its powerful capabilities that, while aligned with browser automation, present significant prompt injection risks against an AI agent. Specifically, `scripts/browser.js` implements an `eval` command allowing arbitrary JavaScript execution within the browser context, and `paste --file` and `upload` commands that can read local files. A compromised agent could be prompted to use these commands to exfiltrate sensitive browser data (e.g., cookies, local storage via `eval`) or local files (e.g., `~/.ssh/id_rsa` via `paste --file` then exfiltrated via `eval` making a network request).
Capability Assessment
Purpose & Capability
The SKILL.md and embedded scripts implement a local Node.js CLI that talks to a Chrome DevTools Protocol endpoint — this matches the skill description. However, the registry metadata lists no required binaries while SKILL.md instructs you to run `npm install` and run `node` (Node.js/npm are functionally required). That metadata omission is a mismatch and should have been declared. Also SKILL.md claims 'instruction-only' install but includes sizeable JS code that must be installed and run.
Instruction Scope
Instructions are narrowly scoped to controlling a Chrome/Chromium instance via CDP (navigate, click, type, upload, eval, screenshot). Those actions are expected for this purpose. Important note: several commands intentionally read local files (paste --file, upload) and run arbitrary JS in page context (eval), which are coherent with the tool's functionality but enable reading local files and interacting with remote websites (potential exfiltration).
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs the user to run `cd scripts && npm install`, which pulls the 'ws' package from npm. Using npm is a reasonable choice for a Node CLI, but it is a moderate-risk install path compared with no-install — it writes code to disk and pulls third-party packages. The registry should have declared this requirement.
Credentials
The skill declares no required environment variables, and the code defaults to a local CDP endpoint at http://127.0.0.1:18800 (override via CDP_URL). That is proportionate. Caveat: if CDP_URL is set to a remote endpoint, the tool could talk to a non-local CDP (potential exfiltration). The ability to read files and upload them to web pages is functionally justified but increases privacy risk; these capabilities are powerful and should be used only with trusted profiles and content.
Persistence & Privilege
The skill does not request always:true or modify other skills or agent-wide settings. It requires explicit invocation and runs as a local Node CLI; no elevated or persistent platform privileges are requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tappi - After installation, invoke the skill by name or use
/tappi - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.5.0
grep filtering for text and elements. Use bjs text | grep or bjs elements | grep to filter output. Saves context for smaller models.
v3.4.0
Tool hierarchy documentation: Smart vs Low-level actions. type() uses el.focus() before mouse click. paste command with file support and auto-verify.
v3.3.0
type() uses el.focus() before mouse click to avoid popups. Tool-level housekeeping so agents don't need to worry about focus management.
v3.2.0
Auto-verify on type and click. type reports char count + verification. click reports navigation, checkbox state, dialog changes. paste command for reliable long content insertion.
v3.1.0
Add paste command — reliable content insertion with auto-verify and file support. Add focus and check commands.
v3.0.0
Add focus() and check() commands for input verification and focus recovery. Updated agent tool descriptions with verification guidance.
v2.3.0
Fix Sheets docs: --enter doesn't advance rows, use Name Box navigation per row + --tab within rows
v2.2.0
Add 'keys' command for raw CDP keyboard input — works on canvas-based apps (Google Sheets, Docs, Figma)
v2.1.0
- Updated dependencies in scripts/package.json and scripts/package-lock.json.
- Minor internal updates to scripts/browser.js; no user-facing command changes.
- Documentation (SKILL.md) and metadata unchanged.
- No new features or behavior changes in this release.
v2.0.0
Renamed from browser-js. tappi is a lightweight CDP browser control tool for AI agents — 3-10x fewer tokens than accessibility tree tools. Shadow DOM piercing, coordinate commands, file uploads.
Metadata
Frequently Asked Questions
What is tappi?
Lightweight CDP browser control for AI agents. Token-efficient alternative to the built-in browser tool — 3-10x fewer tokens per interaction. Use when browsi... It is an AI Agent Skill for Claude Code / OpenClaw, with 811 downloads so far.
How do I install tappi?
Run "/install tappi" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is tappi free?
Yes, tappi is completely free (open-source). You can download, install and use it at no cost.
Which platforms does tappi support?
tappi is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created tappi?
It is built and maintained by shaihazher (@shaihazher); the current version is v3.5.0.
More Skills