← 返回 Skills 市场
browser-toggle
作者
yoo-unison
· GitHub ↗
· v1.0.1
438
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install browser-toggle
功能描述
Enable or disable the OpenClaw built-in browser with one command, featuring auto backup, recovery, and cross-platform support.
使用说明 (SKILL.md)
OpenClaw Browser Toggle Skill
一键启用/禁用 OpenClaw 内置浏览器,无需手动修改配置文件
Name: browser-toggle
Version: 1.0.0
Author: AI Assistant
License: MIT
Description: 一键启用/禁用 OpenClaw 内置浏览器
Installation
bash setup.sh
Usage
openclaw-browser --enable
openclaw-browser --disable
openclaw-browser --status
Features
- ✅ 一键启用/禁用内置浏览器
- ✅ 自动备份配置文件
- ✅ 失败自动恢复
- ✅ 支持可视化/无头模式
- ✅ 跨平台支持
Requirements
- Python 3.8+
- OpenClaw 2026.2.26+
- Chrome/Chromium
Links
安全使用建议
This skill appears to do what it says: it modifies ~/.openclaw/openclaw.json to enable/disable the built-in browser and keeps backups. Before installing: (1) verify the skill source — files reference GitHub but the registry source/homepage are 'unknown' — prefer an authoritative repository; (2) inspect browser_toggle.py (it is short and readable) and the backup directory to confirm no unexpected behavior; (3) do not allow creation of a global symlink (/usr/local/bin) unless you trust the package (the installer only attempts this if it has permission); (4) if you are unsure, run the code in an isolated environment/VM or manually copy the single script into your OpenClaw skills folder and run it without running setup.sh. The skill does modify your OpenClaw configuration and requires restarting OpenClaw to take effect — back up important data before proceeding.
功能分析
Type: OpenClaw Skill
Name: browser-toggle
Version: 1.0.1
The skill is classified as suspicious due to a local file overwrite vulnerability found in `browser_toggle.py`. The `restore_from_backup` function and its corresponding `--restore` CLI argument allow an arbitrary file path to be specified as the source for restoration. This means an attacker could potentially overwrite the `~/.openclaw/openclaw.json` configuration file with the content of any file on the system that the script's user has read access to, leading to denial of service or information disclosure if the overwritten content is later displayed. While the skill's stated purpose is benign, this lack of input sanitization presents a significant vulnerability, even though there is no evidence of intentional malicious behavior like data exfiltration or persistence.
能力评估
Purpose & Capability
Name/description match behavior: code and scripts only read/write OpenClaw config (~/.openclaw/openclaw.json), manage backups (~/.openclaw/workspace/backups), and provide enable/disable/status/headless controls. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md and install scripts instruct running setup/install which copy files into the user's OpenClaw workspace and invoke browser_toggle.py to modify openclaw.json. This is appropriate for the purpose, but note the skill writes to the user's OpenClaw config and creates backups — review those files before installing if you don't trust the source.
Install Mechanism
No remote downloads or archive extraction occur in the provided install scripts; setup.sh and install.sh copy local files into the ~/.openclaw workspace and optionally create a symlink. Build script creates local tarball; README references GitHub releases but install scripts do not fetch external content.
Credentials
No environment variables, credentials, or external tokens are required. The code accesses only the OpenClaw config and user home paths, which are necessary for the skill's stated function.
Persistence & Privilege
The skill installs into the user's OpenClaw workspace and may create a global symlink (/usr/local/bin/openclaw-browser) if permissions allow. It does not set always:true or request persistent elevated privileges, but creating a global command requires writable /usr/local/bin (sudo) — avoid granting that unless you trust the package.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install browser-toggle - 安装完成后,直接呼叫该 Skill 的名称或使用
/browser-toggle触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
移除内部开发文档
v1.0.0
Initial release of the browser-toggle skill:
- One-click enable/disable for OpenClaw's built-in browser, no config file editing needed
- Supports Linux, Windows, and Mac
- Automatic configuration file backup and validation
- Automatic recovery on failure
- Switch between visual and headless modes
- Includes status check commands
元数据
常见问题
browser-toggle 是什么?
Enable or disable the OpenClaw built-in browser with one command, featuring auto backup, recovery, and cross-platform support. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 438 次。
如何安装 browser-toggle?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install browser-toggle」即可一键安装,无需额外配置。
browser-toggle 是免费的吗?
是的,browser-toggle 完全免费(开源免费),可自由下载、安装和使用。
browser-toggle 支持哪些平台?
browser-toggle 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 browser-toggle?
由 yoo-unison(@yoo-unison)开发并维护,当前版本 v1.0.1。
推荐 Skills