← 返回 Skills 市场

Browser Local Chrome

Name: Browser Local Chrome
Author: liulike

作者 Like Liu · GitHub ↗ · v1.1.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install browser-local-chrome

功能描述

Configure and manage local Chrome in debug mode for browser automation with OpenClaw, enabling SSRF whitelist and browser status checks.

使用说明 (SKILL.md)

浏览器自动化配置技能

配置 OpenClaw 使用本地 Chrome 调试模式进行浏览器自动化。

功能

✅ 一键启动 Chrome 调试模式
✅ 自动配置 OpenClaw 浏览器设置
✅ 启用 SSRF 白名单（允许访问任意网站）
✅ 检查浏览器状态

使用方法

一键配置（推荐）

node scripts/setup.js

这会自动完成所有步骤：启动 Chrome → 配置 OpenClaw → 验证状态

分步配置

1. 启动浏览器

node scripts/start-chrome.js

2. 配置 OpenClaw

node scripts/configure-browser.js

3. 重启 Gateway

openclaw gateway restart

4. 检查状态

node scripts/check-status.js

5. 关闭浏览器（使用完成后）

node scripts/stop-chrome.js

配置说明

CDP 端口

默认：9222

用户数据目录

默认：C:\chrome-debug-profile

SSRF 策略

dangerouslyAllowPrivateNetwork: true - 允许访问任意网站
如需更严格的安全策略，可改用 hostnameAllowlist

故障排查

Chrome 无法启动

检查 Chrome 是否已安装：C:\Program Files\Google\Chrome\Application\chrome.exe
检查端口 9222 是否被占用

浏览器工具不可用

确认 Gateway 已重启
检查 CDP 连接：curl http://127.0.0.1:9222/json/version

SSRF 错误

确认 openclaw.json 中已配置 ssrfPolicy
重启 Gateway 使配置生效

适用场景

访问需要 JavaScript 渲染的网站
自动化网页操作（点击、填写表单等）
截图和页面分析
绕过 curl 无法处理的动态内容

注意事项

Chrome 调试模式需要保持运行
使用完成后请关闭浏览器：node scripts/stop-chrome.js
重启后需要重新启动 Chrome
建议将启动脚本添加到开机自启

安全使用建议

This skill appears to be what it claims, but it will modify your OpenClaw config to enable 'dangerouslyAllowPrivateNetwork', giving the browser access to internal and private network addresses. Before installing/running: 1) Back up your OpenClaw config (~/.openclaw/openclaw.json or %USERPROFILE%\.openclaw\openclaw.json). 2) Review and confirm you accept enabling private-network SSRF access (consider using hostnameAllowlist instead). 3) Inspect the scripts (they invoke Chrome, call kill/taskkill/killall, and execute openclaw gateway restart instructions). 4) Run them in a trusted environment only and close the debug Chrome when finished. 5) Note cross-platform caveats: configure-browser.js uses USERPROFILE (Windows) and some default chrome paths may not match your system—adjust _meta.json or the scripts as needed.

功能分析

Type: OpenClaw Skill Name: browser-local-chrome Version: 1.1.0 This skill bundle automates the configuration of a local Chrome instance for debugging but introduces significant security risks by intentionally disabling SSRF protections. Specifically, `scripts/configure-browser.js` modifies the global `openclaw.json` configuration to set `dangerouslyAllowPrivateNetwork: true`, which allows the agent to access internal network resources. Additionally, the bundle includes scripts like `scripts/start-chrome.js` and `scripts/stop-chrome.js` that perform system-level operations, such as executing shell commands to manage browser processes and modifying files in the user's home directory. While these actions are consistent with the stated purpose of browser automation, the intentional weakening of security boundaries and the use of broad process termination logic are high-risk behaviors.

能力评估

✓ Purpose & Capability

Name/description match the implemented actions: scripts start/stop Chrome in CDP mode, configure OpenClaw to attach to the local CDP port, and provide status/troubleshooting tools. There are no unrelated credentials, external downloads, or unexpected network endpoints.

ℹ Instruction Scope

SKILL.md and the scripts instruct the agent/user to read and overwrite the user's OpenClaw configuration file (~/.openclaw/openclaw.json or %USERPROFILE%\.openclaw\openclaw.json) and to restart the gateway. This is necessary for the stated goal but is a system-level config change; the scripts also execute system commands (launching Chrome, taskkill/killall) which is expected for start/stop behavior.

✓ Install Mechanism

No remote install or downloads are defined; this is an instruction-and-script skill shipped with source files. Packaging scripts exist but use local system zip/archiver tools—no external code fetches or URL downloads were observed.

ℹ Credentials

The skill requests no credentials or env vars, but it directly reads/writes the user's OpenClaw configuration and uses process.env.USERPROFILE (Windows-centric). The most important concern is that configure-browser.js sets ssrfPolicy.dangerouslyAllowPrivateNetwork = true, which intentionally broadens SSRF access to private networks — this is functionally justified by the skill but is a high-impact, security-sensitive change that should be explicitly authorized by the user/administrator.

ℹ Persistence & Privilege

The skill is not always-enabled and does not request special platform privileges, but it does modify a system-level OpenClaw configuration file (global browser/ssrf settings). That modification persists until reverted and affects other OpenClaw browser behavior, so it carries system-wide impact even though it's coherent with the skill's purpose.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install browser-local-chrome
安装完成后，直接呼叫该 Skill 的名称或使用 /browser-local-chrome 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.1.0

跨平台支持 + 故障排查工具 + 混合方案

元数据

Slug browser-local-chrome

版本 1.1.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题