← 返回 Skills 市场
peanuts62

AI-Search-Hub

作者 peanuts62 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
329
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install ai-search-hub
功能描述
Run the AI Search Hub browser automation scripts for Yuanbao, LongCat, Doubao, Qwen, Gemini, and Grok. Use this skill when the user wants to ask one of those...
使用说明 (SKILL.md)

AI Search Hub

Use this skill only for this repository's AI Search Hub browser automation scripts:

  • scripts/yuanbao_playwright.py
  • scripts/longcat_playwright.py
  • scripts/doubao_playwright.py
  • scripts/qwen_playwright.py
  • scripts/gemini_playwright.py
  • scripts/grok_playwright.py \r

When To Use\r

\r Use this skill when the user asks to:

  • run one of the supported chat sites from this repo
  • normalize invocation across the three scripts
  • auto-start a debug Chromium-family browser session
  • detect whether 127.0.0.1:9222 is available
  • prompt for login if the target site is not logged in, then continue automatically
  • seed an isolated debug profile from the user's local browser data \r

How To Run\r

\r Run the bundled wrapper script instead of calling the site script directly:

python3 scripts/run_web_chat.py --site doubao --prompt "Give me a short Hangzhou food guide."

Key arguments:

  • --site yuanbao|longcat|doubao|qwen|gemini|grok
  • --prompt "..." required
  • --repo-root \x3Cpath> if the current working directory is not the repo root
  • --cdp-http http://127.0.0.1:9222 to reuse an existing DevTools endpoint
  • --browser-path \x3Cpath> to force a specific Chromium-family browser binary
  • --debug-profile-dir \x3Cpath> to control the isolated debug profile location
  • --user-data-source \x3Cpath> to force a specific source browser user-data-dir
  • --output \x3Cpath> to control the destination file

Workflow

The wrapper script is the low-freedom path and should be preferred over hand-rolling the sequence.

It does the following:

  1. Finds the repo root and target site script.
  2. Reuses --cdp-http if 9222 is already listening.
  3. Otherwise seeds an isolated Chromium-family debug profile from the user's source browser data and starts the browser with a remote-debugging port, opening the requested site directly instead of leaving a separate about:blank startup tab behind.
  4. For legacy sites (yuanbao, longcat, doubao), opens the target site and checks for login UI before dispatching the site-specific script.
  5. For generic sites (qwen, gemini, grok), opens the target site, enters the prompt, and waits for a reply.
  6. If the site requires login or produces no usable reply because login is required, prints a prompt and waits until login completes, then continues automatically.
  7. Invokes the matching site script with standardized flags and the resolved --cdp-url.
  8. Reuses the single startup page when possible so the browser does not keep an extra blank tab, and prefers DOM-side text entry over keyboard typing to reduce accidental interference from the user working elsewhere.

Site Notes

  • doubao: requires a logged-in session. The visitor page usually does not answer prompts.
  • yuanbao: login may appear as a modal with QQ, WeChat, or last-login buttons even when the page shell is visible.
  • longcat: the wrapper prefers a new chat before sending unless --no-new-chat is requested downstream.
  • qwen, gemini, grok: each has its own Playwright entry script backed by a shared site-chat core. gemini first targets the visible composer and attempts the send once before falling back to the login-wait loop, because the landing page exposes a real textbox even when the account is not yet in a usable chat state.

Constraints

  • Prefer headed Chromium browsers for login-recovery flows. Headless mode only makes sense when the copied debug profile is already logged in.
  • Do not kill the user's normal browser session unless the user explicitly asks for that.
  • The wrapper copies browser data into an isolated debug profile and skips lock files, so the user's normal browser can stay open.
  • The wrapper bypasses Python proxy settings for local DevTools requests because http://127.0.0.1:9222/json/version may otherwise return a false 502.
安全使用建议
What to consider before installing/running this skill: - This skill will try to reuse your logged-in browser sessions by reading and copying local browser profile directories (Chrome/Brave/Edge/Arc/etc.). Those profiles can contain cookies, local storage, OAuth tokens, and other sensitive session material — review the code and be comfortable with that level of access before running. - The registry metadata does not declare required dependencies (Playwright, a Chromium-family browser) or config paths. You should ensure Playwright and browsers are installed from trusted sources and understand the commands the scripts will run. - The wrapper can either start a new debug browser (after copying a profile) or attach to an existing DevTools endpoint (e.g., http://127.0.0.1:9222). Attaching to an already-running browser gives the script direct control over that browser; avoid pointing it at your primary browser unless you explicitly want that. - A static scan flagged a base64-block. Inspect the repository for any embedded/obfuscated data (search for long base64 strings) and verify their purpose. If you find any non-obvious encoded payloads, treat them as suspicious until decoded and explained. - Recommended precautions: run the skill inside a disposable/sandbox environment or VM; run with an explicitly created test browser profile (use --user-data-source set to a safe test directory, or avoid seeding from your real profile); review and, if needed, modify the copy logic to exclude sensitive files; and inspect network activity while running (e.g., ensure it only contacts the intended target sites and localhost DevTools endpoints). - If you want to proceed but lack the security expertise, ask the maintainer for a minimal manifest that lists dependencies and an explicit explanation of exactly which user-data files are copied. If the skill's owner cannot justify the base64 entry or the missing dependency metadata, avoid running it on sensitive hosts.
功能分析
Type: OpenClaw Skill Name: ai-search-hub Version: 1.0.0 The skill bundle contains scripts designed to automate interactions with multiple AI platforms by programmatically controlling a web browser. A significant security concern is found in `scripts/run_web_chat.py`, which contains logic to locate and copy the user's local browser profiles (including cookies, session data, and history) from various browsers (Chrome, Edge, Brave, etc.) into an 'isolated debug profile' directory. While this behavior is documented in `SKILL.md` as a way to maintain logged-in sessions for automation, the broad access to and duplication of sensitive browser data represents a high-risk capability that could be used for credential theft if the tool's intent were to change. No evidence of active data exfiltration to external third-party domains was found.
能力评估
Purpose & Capability
The name/description (browser automation for multiple chat/search sites) matches the included Playwright scripts and the wrapper. Accessing browser binaries, DevTools (CDP), and copying a browser profile is coherent with the stated goal of reusing logged-in sessions. However, the skill does not declare required binaries or config paths (no Playwright or Chromium binary listed, no config paths declared) even though the code expects Playwright and local browser user-data directories — an omission that reduces transparency.
Instruction Scope
SKILL.md explicitly instructs the agent to 'seed an isolated debug profile from the user's local browser data', attach to CDP on 127.0.0.1:9222, detect and wait for manual login, and then continue. The included scripts implement logic to discover guessed user-data directories, copy user profile data into a debug profile, and attach/start Chromium with a remote-debugging port. That means the runtime will read large parts of the user's browser profile (cookies, Local State, etc.) — a scope that goes beyond simple HTTP automation and can expose many session tokens.
Install Mechanism
There is no install spec (instruction-only at registry level) but repository contains executable Python scripts that depend on Playwright and a Chromium-family binary. The skill does not declare these dependencies in metadata; the environment must already have Playwright and browsers installed. This mismatch is a transparency/usability issue (and a potential security hazard if users attempt to satisfy implicit install steps from untrusted sources).
Credentials
The registry lists no required environment variables or config paths, yet the code reads and copies local browser user-data directories (home-based Chrome/Brave/Edge profiles). Those directories often contain sensitive tokens, cookies, and other state. While this access is functionally justified to reuse logged-in sessions, it is broad and potentially exposes credentials across many sites. No explicit credential scoping or warning is present in metadata.
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills or system-wide agent settings. It will create an isolated debug profile and write logs/output under the repo (e.g., chrome_startup.log, out/*, debug profile dir). It can also be directed to attach to an existing CDP endpoint — which, if you point it at a running browser's DevTools, grants the script control over that browser session. This is powerful but explained in SKILL.md; combine with the user-data access it increases blast radius.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ai-search-hub
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ai-search-hub 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
One Query. All Search. 聚合 Gemini、Grok、豆包、元宝等平台原生 AI 搜索能力,打造统一搜索中枢。 Search multiple AI platforms in parallel without rebuilding crawlers, fighting anti-bot systems, or tuning keywords by hand.
元数据
Slug ai-search-hub
版本 1.0.0
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 1
常见问题

AI-Search-Hub 是什么?

Run the AI Search Hub browser automation scripts for Yuanbao, LongCat, Doubao, Qwen, Gemini, and Grok. Use this skill when the user wants to ask one of those... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 329 次。

如何安装 AI-Search-Hub?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ai-search-hub」即可一键安装,无需额外配置。

AI-Search-Hub 是免费的吗?

是的,AI-Search-Hub 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

AI-Search-Hub 支持哪些平台?

AI-Search-Hub 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 AI-Search-Hub?

由 peanuts62(@peanuts62)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论