← 返回 Skills 市场

Agent Browser Core.Conflict

Name: Agent Browser Core.Conflict
Author: tang2606

作者 Wade · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install agent-browser-core-conflict

功能描述

OpenClaw skill for the agent-browser CLI (Rust-based with Node.js fallback) enabling AI-friendly web automation with snapshots, refs, and structured commands.

使用说明 (SKILL.md)

Agent Browser Skill (Core)

Purpose

Provide an advanced, production-ready playbook for using agent-browser to automate web tasks via CLI and structured commands.

Best fit

You need deterministic automation for AI agents.
You want compact snapshots with refs and JSON output.
You prefer a fast CLI with Node.js fallback.

Not a fit

You require a full SDK or custom JS integration.
You must stream large uploads or complex media workflows.

Quick orientation

Read references/agent-browser-overview.md for install, architecture, and core concepts.
Read references/agent-browser-command-map.md for command categories and flags.
Read references/agent-browser-safety.md for high-risk controls and safe mode rules.
Read references/agent-browser-workflows.md for recommended AI workflows.
Read references/agent-browser-troubleshooting.md for common issues and fixes.

Required inputs

Installed agent-browser CLI and browser runtime.
Target URLs and workflow steps.
Session or profile strategy if authentication is required.

Expected output

A clear command sequence and operational guardrails for automation.

Operational notes

Snapshot early, act via refs, then snapshot again after DOM changes.
Use --json for machine parsing and scripting.
Use waits and load-state checks before actions.
Close tabs or sessions when done to release resources.

Safe mode defaults

Do not use eval, --allow-file-access, custom --executable-path, or arbitrary --args without explicit approval.
Avoid network route, set credentials, and cookie/storage mutations unless the task requires it.
Allowlist domains and block localhost or private network targets.

Security notes

Treat tokens and credentials as secrets.
Avoid --allow-file-access unless explicitly required.

安全使用建议

This instruction-only skill appears to be a coherent playbook for the agent-browser CLI, but there are a few red flags you should address before use: (1) Verify the source — the skill has no homepage and the embedded _meta.json disagrees with the registry metadata (ownerId/slug/version). Confirm which is authoritative. (2) The SKILL.md expects you to install the agent-browser CLI, but the skill metadata doesn't declare that binary — only install the CLI from an official, pinned release (check npm/GitHub releases and checksums). (3) Follow the included safety checklist: run the CLI in a container or dedicated environment, do not enable eval/file-access/proxy options without explicit human approval, and treat state files/tokens as secrets. If you cannot verify the upstream repository or release artifacts, avoid installing the global package on your host; instead test in an isolated VM or container.

功能分析

Type: OpenClaw Skill Name: agent-browser-core-conflict Version: 1.0.0 The skill bundle provides comprehensive documentation and safety guidelines for the 'agent-browser' CLI, a tool for web automation. It explicitly identifies high-risk capabilities such as 'eval', 'download', and local file access, instructing the agent to avoid them without explicit human approval and to adhere to safe defaults like domain allowlisting and ephemeral sessions. No malicious intent, exfiltration logic, or prompt injection attempts were found across the files (SKILL.md, agent-browser-safety.md, etc.), and the instructions are focused on secure operational practices.

能力评估

ℹ Purpose & Capability

SKILL.md is an instruction-only playbook for the agent-browser CLI and its described capabilities (snapshots, refs, JSON output, Node fallback) match the content. However, the skill metadata and embedded _meta.json disagree on ownerId, slug, and version (registry metadata vs _meta.json vs SKILL.md name), and the skill metadata declares no required binaries while the instructions explicitly require the agent-browser CLI and browser runtime. These inconsistencies don’t prove malicious intent but reduce trust and should be resolved.

✓ Instruction Scope

Instructions stay within the stated domain: they describe CLI commands, workflows, safety defaults, and when to request human approval for high-risk actions (eval, file access, network routing, credentials/state). The playbook does not instruct reading unrelated system files or exfiltrating secrets; it explicitly warns to treat tokens/state as sensitive.

ℹ Install Mechanism

There is no install spec (lowest risk). The docs recommend installing via `npm install -g agent-browser@<version>`, which is expected for a CLI but the skill does not pin a specific trusted release or provide checksums. Installing a global npm package runs third-party code — acceptable for this purpose but requires verifying upstream authenticity.

✓ Credentials

The skill requests no environment variables or credentials in metadata. The instructions do discuss state files, cookies, and tokens (and correctly mark them high-risk) but do not attempt to collect unrelated secrets or require broad credentials. This is proportionate to a browser-automation playbook.

✓ Persistence & Privilege

always is false and the skill is user-invocable; it does not ask for persistent system-wide privileges or to modify other skills. No config paths or elevated privileges are requested by the skill itself. The documentation appropriately recommends running in a dedicated environment/container.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install agent-browser-core-conflict
安装完成后，直接呼叫该 Skill 的名称或使用 /agent-browser-core-conflict 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of agent-browser-core skill for OpenClaw: - Introduces a structured playbook and documentation for automating web tasks via the agent-browser CLI. - Provides clear guidance on setup, core concepts, command usage, and safe operational practices. - Includes best-fit scenarios, limitations, and security considerations for deterministic browser automation. - Offers links to detailed reference guides for architecture, workflows, safety controls, and troubleshooting. - Emphasizes safe defaults and guardrails for high-risk operations and credential handling.

元数据

Slug agent-browser-core-conflict

版本 1.0.0

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 1

常见问题