← Back to Skills Marketplace
biogod2020

Ultimate Freedom Protocol

by Biogod2020 · GitHub ↗ · v9.0.0 · MIT-0
cross-platform ⚠ suspicious
312
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install ultimate-freedom-protocol
Description
Ultimate Web Freedom Protocol (v9.0.0). Leverages 'Protocol Phantom' (curl_cffi kernel-level TLS impersonation) to bypass DataDome, Cloudflare, and Bilibili....
Usage Guidance
This package is explicitly designed to bypass WAFs and to take low-level control of local browser instances (CDP takeovers, driver injection, and tunneling). That behavior is coherent with its description but is high-risk: it opens network ports, creates local relays/sockets, writes in user home directories, and includes 'nuclear' operations gated only by environment variables or local lockfiles. Before installing or running: (1) do not run on a production or shared host — isolate it in a VM or disposable container with no sensitive credentials; (2) review and understand any scripts that start daemons, bind 0.0.0.0, or use CDP; change remote-debugging-address so it only binds to localhost if you must run; (3) verify provenance and author identity — the package has no homepage and an unknown source; (4) remove or sandbox any scripts that open relays or accept incoming connections; (5) if you need only benign scraping, consider simpler, well-audited libraries instead. Additional information that would raise confidence: an authoritative upstream repo/homepage, a reproducible, minimal install process (no daemonization), explicit manifest of all runtime effects, and proof that remote endpoints are never bound to non-loopback interfaces.
Capability Analysis
Type: OpenClaw Skill Name: ultimate-freedom-protocol Version: 9.0.0 The bundle provides advanced web scraping tools designed to bypass anti-bot protections (DataDome, Cloudflare) using 'Protocol Phantom' (curl_cffi) and DrissionPage. It contains several high-risk components, including a TCP relay (python_relay.py) that forwards the Chrome DevTools Protocol (CDP) port, scripts for raw CDP takeover (force_takeover.py, nuclear_option.py), and shell scripts (daemon_chrome_v2.sh) that expose the browser's remote debugging port on 0.0.0.0. While the stated intent is scraping, the inclusion of 'Nuclear' options, network listeners, and complex custom 'security' wrappers using Unix Domain Sockets (sota_core.py) creates a significant attack surface. The presence of hardcoded user paths (/home/jiahao/) and references to external VPS IPs (198.23.155.120) further indicates a lack of standard security hygiene.
Capability Assessment
Purpose & Capability
Name/description claim WAF/anti-bot bypass; code files and SKILL.md implement exactly that (curl_cffi impersonation, browser/CDP takeover, driver injection, tunneling). Requiring google-chrome-stable and xvfb-run is consistent with the toolkit's browser-based fallback. However, some requested capabilities (opening raw CDP takeovers, UDS handshake-based gating, and remote debugging exposed to 0.0.0.0) go beyond ordinary scraping and enable local takeover/remote control scenarios.
Instruction Scope
SKILL.md and scripts instruct the agent to: start Chrome with remote-debugging-address=0.0.0.0, spawn a local relay, bind sockets, accept CDP connections and perform 'takeover' and 'driver injection', read/write files under user home and /tmp, and start persistent/daemon processes. These actions expand scope well beyond simple data retrieval and permit local-privilege or cross-namespace network bridging.
Install Mechanism
Registry metadata claims 'instruction-only' yet the bundle contains 29+ script files. There is no install spec (no controlled package install), so runtime execution will run bundled scripts directly. The lack of an install step combined with many executable scripts is an operational inconsistency that increases risk (files will run without an explicit, reviewed install).
Credentials
Manifest declares no required env vars, but scripts reference environment-based safety gates (SOTA_NUCLEAR_CONFIRMED), DBUS session variables, and require/assume file tokens at ~/.openclaw/tmp/sota_active.lock and hardcoded user paths (/home/jiahao). The skill also unwraps network tunnels and binds ports. The skill requests no external API keys, but needs broad local environment access which is not declared or gated clearly.
Persistence & Privilege
Multiple scripts and a shell daemon attempt to start background services (xvfb/chrome, python_relay daemon via nohup), create sockets (/tmp/.sota_auth.sock), open TCP ports (9222/9223), and write files into user directories. Although some scripts include self-destruct/timeouts, the combination of daemonization and exposing remote-debugging on 0.0.0.0 is a significant privilege and persistence risk if run on a multi-tenant host.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ultimate-freedom-protocol
  3. After installation, invoke the skill by name or use /ultimate-freedom-protocol
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v9.0.0
V9.0.0 ARCHITECTURAL REVOLUTION: Integrated 'Protocol Phantom' (curl_cffi) as the primary offensive engine. Successfully bypassed Bilibili 412 and DataDome. Unified the toolkit under a protocol-first strategy, making server-side scraping truly undetectable.
Metadata
Slug ultimate-freedom-protocol
Version 9.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Ultimate Freedom Protocol?

Ultimate Web Freedom Protocol (v9.0.0). Leverages 'Protocol Phantom' (curl_cffi kernel-level TLS impersonation) to bypass DataDome, Cloudflare, and Bilibili.... It is an AI Agent Skill for Claude Code / OpenClaw, with 312 downloads so far.

How do I install Ultimate Freedom Protocol?

Run "/install ultimate-freedom-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ultimate Freedom Protocol free?

Yes, Ultimate Freedom Protocol is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ultimate Freedom Protocol support?

Ultimate Freedom Protocol is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Ultimate Freedom Protocol?

It is built and maintained by Biogod2020 (@biogod2020); the current version is v9.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments