功能描述

通过 Chrome DevTools Protocol 直接控制浏览器，实现登录状态复用和多场景自动化操作，支持 Windows 和 OpenClaw 集成。

使用说明 (SKILL.md)

browser-agent 技能

Name: Browser Agent - Chrome CDP 自动化
Author: kaka4413

描述

浏览器自动化 Agent 技能，基于 Chrome DevTools Protocol (CDP) 和 WebSocket 实现 AI 对浏览器的直接控制。支持 OpenClaw 浏览器工具的原生集成，让 AI 能够像人类一样操作浏览器。

核心能力

CDP 直连 - 通过 WebSocket 连接 Chrome 远程调试端口，绕过安全提示弹窗
会话保持 - 复用已登录的浏览器会话（cookie、登录状态、后台权限）
多场景自动化 - 支持数据抓取、表单填写、内容发布、跨平台同步等
Windows 兼容 - 解决 Windows 平台 Chrome CDP 连接超时问题

适用场景

跨平台数据同步 - Notion ↔ 飞书、GitHub star 整理、Analytics 数据查询
内容管理 - 批量删除/发布 Twitter 帖子、管理社交媒体
数据采集 - 抓取网页内容、监控价格变化、收集竞品信息
自动化测试 - UI 测试、流程验证、回归测试

使用方法

前置条件

方式 1: 使用 OpenClaw 内置浏览器（推荐）

OpenClaw 的 browser 工具已自动配置 CDP，无需额外设置：

browser(action="start")  # 自动启动并配置

方式 2: 自行启动 Chrome

需要添加 --remote-allow-origins 标志允许 WebSocket 连接：

# Windows
chrome.exe --remote-debugging-port=9222 --remote-allow-origins=* --user-data-dir="C:\chrome-profile"

# macOS
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
  --remote-debugging-port=9222 --remote-allow-origins=* \
  --user-data-dir="/tmp/chrome-profile"

⚠️ 注意: Chrome 90+ 版本默认拒绝 WebSocket 连接，必须添加 --remote-allow-origins=* 或指定具体 origin。

脚本调用

# 检查浏览器连接
python skills/browser-agent/scripts/browser_agent.py --check

# 执行页面自动化任务
python skills/browser-agent/scripts/browser_agent.py --url "https://example.com" --action "screenshot"

# 执行自定义脚本
python skills/browser-agent/scripts/browser_agent.py --script "my_automation.py"

OpenClaw 浏览器工具集成

# OpenClaw 内置 browser 工具已支持 CDP
browser(action="start")  # 启动浏览器
browser(action="navigate", url="https://x.com")  # 导航
browser(action="snapshot", refs="aria")  # 获取页面快照
browser(action="act", kind="click", ref="e123")  # 点击元素
browser(action="act", kind="type", text="内容")  # 输入文本

技术架构

┌─────────────────┐     WebSocket      ┌─────────────────┐
│   AI Agent      │ ◄────────────────► │  Chrome CDP     │
│  (OpenClaw)     │   CDP Protocol     │  (Port 9222)    │
└─────────────────┘                    └─────────────────┘
        │                                       │
        │                                       ▼
        │                            ┌─────────────────┐
        │                            │   Browser UI    │
        │                            │  (Visible/Headless)
        ▼                            └─────────────────┘
┌─────────────────┐
│  Skill Scripts  │
│  - browser_agent.py  │
│  - cdp_connector.py  │
│  - session_manager.py│
└─────────────────┘

注意事项

安全性：CDP 端口仅监听 localhost，不要暴露到公网
会话超时：长时间空闲后可能需要重新 allow 连接
资源占用：每个 CDP 会话约占用 50-100MB 内存
网站兼容性：部分网站（如银行、高安全站点）可能阻止自动化

故障排查

问题：连接超时

# 检查 Chrome 是否启动
netstat -ano | findstr 9222

# 重启 Chrome 远程调试
taskkill /F /IM chrome.exe
chrome.exe --remote-debugging-port=9222

问题：安全提示弹窗

使用 WebSocket 直连方案（见 scripts/cdp_connector.py）
或在 Chrome 中手动点击"允许"

问题：会话丢失

使用 --user-data-dir 固定配置文件目录
实现会话保持机制（见 scripts/session_manager.py）

参考资源

更新日志

v1.0 (2026-03-18) - 初始版本
- CDP WebSocket 直连支持
- Windows 平台兼容
- 会话保持机制
- OpenClaw browser 工具集成

安全使用建议

This skill appears to do what it claims (control Chrome via CDP) but it operates with sensitive privileges: it can read and act using your browser's logged‑in sessions and it suggests using --remote-allow-origins=* (which weakens WebSocket origin checks). Before installing or running: - Only run it on a machine you trust and preferably in an isolated profile/VM/container. Use a dedicated Chrome user-data-dir (not your main profile) to avoid exposing personal cookies/tokens. - Avoid enabling --remote-allow-origins=* on machines exposed to other networks; prefer binding CDP to localhost and firewalling the port. Follow the SKILL.md warning to not expose the CDP port to the internet. - Review any custom automation scripts you pass via --script; they can execute arbitrary CDP/JS against pages and could exfiltrate data. - Install Python deps in a virtualenv and inspect the two Python scripts (they are included) before running. The package.json vs Python packaging mismatch is harmless but indicates the author bundled files manually—verify origin and author trust. - If you want stricter guarantees, run the skill in a disposable environment, or decline installing if you cannot isolate browser profile access. If you want, I can extract and summarize the exact code paths that access page content, cookies, or network responses so you can audit them more precisely.

功能分析

Type: OpenClaw Skill Name: browser-agent Version: 1.0.0 The skill provides a powerful browser automation interface using the Chrome DevTools Protocol (CDP), enabling actions such as arbitrary JavaScript execution (Runtime.evaluate), simulated user input (clicking/typing), and session persistence. While these capabilities are aligned with the stated purpose of a browser agent, they constitute high-risk behaviors that could be used to manipulate user sessions or exfiltrate data if misused. Furthermore, the script `browser_agent.py` lacks input sanitization for the screenshot output path, creating a potential path traversal vulnerability. The documentation in `SKILL.md` also explicitly describes methods to bypass Chrome's WebSocket security prompts, which, while technically necessary for CDP automation, increases the risk profile of the bundle.

能力评估

✓ Purpose & Capability

Name/description match the included Python scripts and docs: the package implements a CDP WebSocket client, session keep‑alive, and actions (navigate, click, type, screenshot). No unrelated credentials, binaries, or exotic installs are requested.

ℹ Instruction Scope

SKILL.md and scripts instruct connecting to a local Chrome CDP endpoint, reusing user profiles (--user-data-dir) and bypassing Chrome's WebSocket origin checks (--remote-allow-origins=*). These instructions are coherent with the stated goal (session reuse, automation) but intentionally weaken browser-origin protections and enable the skill to access cookies, logged‑in sessions, and any page DOM/Network data.

✓ Install Mechanism

No automated install spec; scripts are included and dependencies are listed in scripts/requirements.txt (websocket-client, requests). There are no downloads from third‑party URLs or archive extraction steps. Minor oddity: an npm package.json lists Python deps, but this is a packaging inconsistency rather than a direct install risk.

ℹ Credentials

The skill requests no environment variables, which is proportional. However, its intended operation requires access to the user's browser profile and a running Chrome with remote debugging enabled—this grants access to sensitive session state (cookies, auth tokens). That access is necessary for the skill's features but is high‑privilege and sensitive.

ℹ Persistence & Privilege

always is false and the skill does not request system-wide persistence. It does implement session keep‑alive threads while running. Be aware that autonomous invocation (the default) would allow the agent to open and control the local browser session without additional prompts if invoked.

版本历史

v1.0.0

browser-agent 1.0.0 - 初始发布，基于 Chrome DevTools Protocol (CDP) 和 WebSocket 实现浏览器自动化 - 支持复用已登录浏览器会话（cookie、登录状态） - 兼容 Windows 平台 Chrome CDP 连接超时问题 - 内置多场景自动化能力，如数据抓取、内容发布、自动化测试 - 完全集成 OpenClaw 浏览器工具，无需额外配置

元数据

Slug browser-agent

版本 1.0.0

许可证 MIT-0

累计安装 12

当前安装数 12

历史版本数 1

常见问题

Browser Agent - Chrome CDP 自动化是什么？

通过 Chrome DevTools Protocol 直接控制浏览器，实现登录状态复用和多场景自动化操作，支持 Windows 和 OpenClaw 集成。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 719 次。

如何安装 Browser Agent - Chrome CDP 自动化？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install browser-agent」即可一键安装，无需额外配置。

Browser Agent - Chrome CDP 自动化是免费的吗？

是的，Browser Agent - Chrome CDP 自动化完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Browser Agent - Chrome CDP 自动化支持哪些平台？

Browser Agent - Chrome CDP 自动化跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Browser Agent - Chrome CDP 自动化？

由 kaka4413（@kaka4413）开发并维护，当前版本 v1.0.0。

Browser Agent - Chrome CDP 自动化