← Back to Skills Marketplace
liranudi

Web Pilot

by Liran Udi · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
9394
Downloads
1
Stars
118
Active Installs
1
Versions
Install in OpenClaw
/install web-pilot
Description
Search the web and read page contents without API keys. Use when you need to search via DuckDuckGo/Brave/Google (multi-page), extract readable text from URLs...
Usage Guidance
Use this only if you are comfortable running a local browser automation tool. Prefer an isolated environment, avoid logged-in or sensitive sites unless you directly control each action, close browser sessions when finished, and avoid untrusted downloads until filename confinement and TLS verification behavior are fixed.
Capability Analysis
Type: OpenClaw Skill Name: web-pilot Version: 1.0.0 The skill bundle is classified as suspicious due to several high-risk capabilities that, while part of its stated functionality, introduce significant vulnerabilities if misused. Specifically, `scripts/download_file.py` and `scripts/browser_session.py` allow writing files (downloads, screenshots, PDFs) to arbitrary paths on the host system, which could lead to arbitrary file write vulnerabilities. Additionally, `scripts/browser_session.py` includes an `eval` action that permits arbitrary JavaScript execution within the browser context, posing a risk for client-side data theft or browser exploitation. `scripts/download_file.py` also weakens security by falling back to `verify=False` for SSL errors. These are powerful primitives that could be exploited via prompt injection against the AI agent, but there is no clear evidence of intentional malicious behavior (e.g., covert exfiltration, persistence mechanisms) within the code itself.
Capability Assessment
Purpose & Capability
Search, page reading, downloads, screenshots, form interaction, cookie dismissal, and browser automation fit the stated accessibility and web-browsing purpose, and the README documents most powerful actions including form submission and JavaScript evaluation.
Instruction Scope
Several high-impact actions are available without built-in confirmation or scoping, including clicking page controls, submitting forms, accepting cookie prompts automatically, and evaluating arbitrary JavaScript in the active page.
Install Mechanism
Installation is manual and uses normal Python/Playwright dependencies, but dependency versions are not pinned and Chromium is installed as part of setup.
Credentials
The downloader can use remote or caller-supplied filenames without path confinement and silently retries HTTPS downloads with certificate verification disabled, so untrusted downloads can create unsafe local artifacts.
Persistence & Privilege
The persistent browser forks a long-running local server on a fixed /tmp Unix socket with no visible authentication; while active, that socket can drive browser actions including extraction, screenshots, form filling, and JavaScript evaluation.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install web-pilot
  3. After installation, invoke the skill by name or use /web-pilot
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: browser automation & accessibility skill with 20+ actions — search, browse, interact, screenshot, form fill, JS eval, PDF export
Metadata
Slug web-pilot
Version 1.0.0
License
All-time Installs 336
Active Installs 118
Total Versions 1
Frequently Asked Questions

What is Web Pilot?

Search the web and read page contents without API keys. Use when you need to search via DuckDuckGo/Brave/Google (multi-page), extract readable text from URLs... It is an AI Agent Skill for Claude Code / OpenClaw, with 9394 downloads so far.

How do I install Web Pilot?

Run "/install web-pilot" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Web Pilot free?

Yes, Web Pilot is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Web Pilot support?

Web Pilot is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Web Pilot?

It is built and maintained by Liran Udi (@liranudi); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments