← Back to Skills Marketplace
web-access-openclaw
by
ysyyrps777
· GitHub ↗
· v1.0.0
· MIT-0
855
Downloads
1
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install web-access-openclaw
Description
所有联网操作必须通过此 skill 处理,包括:搜索、网页抓取、登录后操作、网络交互等。 触发场景:用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容(小红书、微博、推特等)、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。
Usage Guidance
This skill appears to do what it claims (control your local Chrome to fetch/login/operate pages) but it grants powerful access: it connects to your real browser profile (so it can see logged-in sessions, cookies, pages), can run arbitrary JavaScript in page contexts, trigger uploads via local file paths, and runs a background HTTP proxy on your machine. Before installing or enabling it: 1) Verify the source: confirm the upstream GitHub repo and that the packaged files match the official project (the registry shows source unknown). 2) Review the cdp-proxy.mjs and check-deps.mjs code yourself (or have a trusted reviewer) — the code runs locally and exposes /eval which can read sensitive DOM data. 3) Restrict usage: prefer manual invocation and require explicit user confirmation for any write actions (posts, uploads, deletes); consider disabling autonomous invocation if you don't want the agent to call the skill without explicit prompts. 4) Run with an isolated Chrome profile (no sensitive logins) if you must use it, or only enable when needed; stop the proxy process when finished (or monitor localhost:3456 and the proxy log file). 5) If you cannot verify the package source or code, avoid installing or grant it minimal access (use a throwaway browser profile).
Capability Analysis
Type: OpenClaw Skill
Name: web-access-openclaw
Version: 1.0.0
The skill provides an AI agent with deep control over a user's active Chrome browser session via a local CDP proxy (`scripts/cdp-proxy.mjs`). It includes high-risk capabilities such as executing arbitrary JavaScript in the browser context (`/eval`), capturing screenshots, and uploading local files to web forms (`/setFiles`). While these features are aligned with the stated purpose of advanced web automation and session reuse for sites like Xiaohongshu, they grant the agent full access to the user's logged-in accounts and sensitive browser data. No evidence of intentional malice or hardcoded exfiltration was found, but the powerful primitives provided represent a significant attack surface if the agent is compromised or misdirected.
Capability Assessment
Purpose & Capability
The name/description (browser-backed web access, login-capable scraping and interaction) aligns with the included scripts and SKILL.md. The skill implements a local CDP proxy exposing endpoints to create background tabs, eval arbitrary JS, click, scroll, screenshot, and set file inputs — all coherent with the stated purpose.
Instruction Scope
Runtime instructions and bundled scripts read local Chrome debug info (DevToolsActivePort files), probe local TCP ports, start a local HTTP server (default localhost:3456), and instruct the agent to execute arbitrary JS inside pages via /eval. /setFiles lets the skill set local file paths into page file inputs (causes browser to upload files). These actions access local system state and user browser session data (cookies, auth), which is necessary for the skill's purpose but also expands the sensitive surface — the manifest did not declare local config path access even though the scripts read user paths.
Install Mechanism
No remote download/install step: this is an instruction + code bundle included in the skill. There are no external installers or arbitrary remote URLs being fetched at install time. The check-deps script may start a detached local Node process (cdp-proxy) and writes logs to the temp dir, which is expected for this functionality.
Credentials
The registry shows no required env vars or credentials, but runtime uses optional env vars (e.g., CDP_PROXY_PORT) and relies on the user's Chrome session (accessed via local DevTools/debug port). While this is functionally necessary, it effectively gives the skill access to logged-in site state and local browser resources — a high-privilege capability that is not expressed as explicit required credentials in the metadata.
Persistence & Privilege
The skill starts a detached, persistent local proxy process that keeps running and listens on localhost. always:false (not force-included) and disable-model-invocation:false (agent can call it autonomously). Autonomous invocation combined with the proxy's privileged access to browser sessions increases blast radius — the skill itself does not modify other skills or system-wide settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install web-access-openclaw - After installation, invoke the skill by name or use
/web-access-openclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Adapted web-access for OpenClaw custom skills, cleaned the published skill layout, validated Chrome CDP session reuse on Windows, and tested a real Xiaohongshu creator publish flow through the browser-backed skill.
Metadata
Frequently Asked Questions
What is web-access-openclaw?
所有联网操作必须通过此 skill 处理,包括:搜索、网页抓取、登录后操作、网络交互等。 触发场景:用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容(小红书、微博、推特等)、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。 It is an AI Agent Skill for Claude Code / OpenClaw, with 855 downloads so far.
How do I install web-access-openclaw?
Run "/install web-access-openclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is web-access-openclaw free?
Yes, web-access-openclaw is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does web-access-openclaw support?
web-access-openclaw is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created web-access-openclaw?
It is built and maintained by ysyyrps777 (@ysyyrps777); the current version is v1.0.0.
More Skills