← 返回 Skills 市场

Browser Automation V2

Name: Browser Automation V2
Author: bodafu

作者 Boda Fu · GitHub ↗ · v2.0.0

cross-platform ⚠ suspicious

2733

总下载

当前安装

版本数

在 OpenClaw 中安装

/install browser-automation-v2

功能描述

Enterprise-grade browser automation with automatic tab cleanup, timeout retries, concurrency lock, smart waiting, and configurable environment settings.

使用说明 (SKILL.md)

Browser Automation v2

Enterprise-grade browser automation for OpenClaw with robust resource management.

Features

✅ Automatic tab cleanup - No more tab accumulation
✅ Timeout & retry - Exponential backoff on network errors
✅ Smart waiting - waitForLoadState, waitForSelector
✅ Concurrency lock - Prevents profile conflicts
✅ Structured logging - DEBUG=1 for verbose output
✅ Configurable - Environment variables for timeout, retries, profile

Files

browser-manager.v2.js - Core manager class
search-google.js - Google search with screenshot + PDF
fetch-summary.js - Fetch page content (static or dynamic)
multi-pages.js - Batch process multiple URLs
fill-form.js - Auto-fill forms by field names

Usage

# Set environment (optional)
export BROWSER_PROFILE=openclaw
export BROWSER_TIMEOUT=30000
export BROWSER_RETRIES=2
export DEBUG=1

cd ~/.openclaw/workspace/skills/browser-automation-v2

# Search Google
node search-google.js "OpenClaw automation"

# Batch process
node multi-pages.js "https://example.com" "https://github.com"

# Fill form
node fill-form.js "https://example.com/form" '{"email":"[email protected]"}'

Integration

openclaw skills install ~/.openclaw/workspace/skills/browser-automation-v2

Or call directly from agent:

run search-google.js "query"

Requirements

OpenClaw v2026.2.15+
Browser profile configured (default: openclaw)
Gateway running

Troubleshooting

Timeout errors: Increase BROWSER_TIMEOUT
Profile locked: Wait for other instance to finish
Element not found: Use snapshot --format ai to debug refs

Created: 2026-02-16 Version: 2.0.0 License: MIT

安全使用建议

This skill appears to do what it says, but exercise caution before installing or running it on sensitive systems. Key concerns and recommendations: - Command-injection risk: the code builds shell commands with user-controlled values (URLs and form values) and calls child_process.exec. If you pass untrusted input, an attacker could inject shell operators. Prefer running these scripts only with trusted inputs, review and/or modify the code to use execFile/spawn with argument arrays or properly escape inputs. - Run in isolation: test in a contained environment (dedicated VM/container, limited privileges) and avoid running with sensitive environment variables or on production hosts until you audit it. - Audit the OpenClaw CLI: the scripts rely entirely on the local `openclaw` CLI/gateway — ensure that binary is from a trusted source and behaves safely when given arguments. - Small bugs: there are minor implementation issues (e.g., fallbackToBrowser references exec without a local import) — expect some rough edges. If you need lower risk, ask the author to sanitize/escape all external inputs before interpolation (or switch to spawn/execFile with args arrays) and to add input-validation and explicit warnings in the SKILL.md. If you cannot audit/modify the code, avoid running it with untrusted inputs or on systems with sensitive data.

功能分析

Type: OpenClaw Skill Name: browser-automation-v2 Version: 2.0.0 The skill bundle is highly suspicious due to multiple shell injection vulnerabilities across all JavaScript files. The core `browser-manager.v2.js` module uses `child_process.exec` to run `openclaw browser` commands, directly interpolating user-controlled inputs (such as URLs, search keywords, and form field values) into shell command strings without sufficient sanitization. This allows an attacker to inject arbitrary shell commands, leading to potential remote code execution. While the stated purpose of browser automation is benign, the lack of input sanitization creates a critical vulnerability that could be exploited for malicious purposes.

能力评估

✓ Purpose & Capability

Name/description match the code: the files implement an OpenClaw CLI-driven browser manager and helpers (search, fetch, multi-page, form fill). No unrelated credentials or services are requested.

⚠ Instruction Scope

Runtime instructions and scripts call the OpenClaw CLI to control a browser (expected). However many commands are built by interpolating user-supplied data (URLs, JSON field values, refs) into shell command strings passed to exec — this can allow shell/command injection if inputs are untrusted. The SKILL.md suggests running the scripts directly and setting env vars but does not warn about sanitizing inputs.

✓ Install Mechanism

No install/download step; the skill is instruction+code only. Nothing is fetched from external URLs or installed automatically.

✓ Credentials

The skill declares no required secrets or config paths. It uses optional environment variables for profile/timeout/retries which are proportional to a browser automation tool.

✓ Persistence & Privilege

always is false, the skill doesn't request permanent platform-level presence or modify other skills. It writes lock files under /tmp for concurrency control (expected).

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install browser-automation-v2
安装完成后，直接呼叫该 Skill 的名称或使用 /browser-automation-v2 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.0.0

Initial release: enterprise-grade browser automation with auto-cleanup, timeout/retry, smart waiting, concurrency lock

元数据

Slug browser-automation-v2

版本 2.0.0

许可证 —

累计安装 12

当前安装数 11

历史版本数 1

常见问题