← 返回 Skills 市场

Business Opportunity Screenshot

Name: Business Opportunity Screenshot
Author: jakliao

作者 xingxiuye · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

236

总下载

当前安装

版本数

在 OpenClaw 中安装

/install business-opportunity-screenshot

功能描述

Generate a business opportunity Skills report with ClawHub data, open it in Chromium, and capture a full-page screenshot saved to the output directory.

使用说明 (SKILL.md)

Business Opportunity Skills Report & Screenshot

生成商机发现 Skills 推荐报告，并用 Chromium 打开页面进行全页滚动截屏保存。

功能特点

智能搜索: 调用 ClawHub API 搜索商机相关 Skills
Fallback 机制: 当 API 限流或失败时，自动使用预设的 15 个热门商机 Skills 数据
详细报告: 生成美观的 HTML 报告，包含分类展示
自动截屏: 启动 Chromium 浏览器并自动截取全页图片

预设数据（API 失败时使用）

当 ClawHub API 超速限流时，会自动使用以下预设 Skills：

🔍 商机发现

opportunity-discovery
business-opportunity-detector
opportunity-assessment

📊 市场分析

market-environment-analysis
market-analysis-cn
market-sentiment-pulse

💼 商业战略

business-development
business
startup

🎯 获客引流

lead-generation
lead-researcher

🛠️ 创业工具

startup-toolkit
startup-financial-modeling
competitor-analysis

输入参数

query: 搜索关键词（可选，默认 "opportunity"）
output_name: 输出文件名（可选，默认 "商业发现-${日期}"）

输出

HTML 报告文件（保存在 workspace 根目录）
Chromium 浏览器打开页面
全页截屏保存到 output 目录（文件名：${output_name}.jpg）

依赖

clawhub CLI
chromium-browser
puppeteer-core npm 包
WSL2 环境 + DISPLAY=:0

安装依赖

cd /home/xiaoduo/.openclaw/workspace-product/skills/business-opportunity-screenshot
npm install puppeteer-core

使用方法

# 基本用法
node scripts/screenshot.js

# 指定搜索关键词
node scripts/screenshot.js business

# 指定输出名称
node scripts/screenshot.js opportunity "商机报告-2026-03-16"

关键工具

1. ClawHub 搜索

clawhub search \x3C关键词>

2. 获取 Skill 详情

clawhub inspect \x3Cskill-slug>

3. 启动 Chromium（调试模式）

export DISPLAY=":0" && chromium-browser --remote-debugging-port=9222 \x3Curl>

4. Puppeteer 连接截屏

const puppeteer = require('puppeteer-core');
const browser = await puppeteer.connect({ browserURL: 'http://localhost:9222' });
await page.screenshot({ path: 'output.jpg', fullPage: true });

触发词

商机发现报告
商机 skills 截图
商业机会 skills 报告
生成商机发现页面并截屏

安全使用建议

This skill appears to do what it says, but there are several red flags to consider before installing: (1) It assumes the clawhub CLI and chromium-browser are installed and requires you to run npm install puppeteer-core manually — the package metadata did not declare these requirements. (2) The script uses a hardcoded workspace path (/home/xiaoduo/.openclaw/workspace-product) for reading/writing output — on your system this may point to a different user or not exist; it could overwrite files if that path exists. (3) It launches Chromium with --remote-debugging-port=9222 and connects puppeteer to it; this opens a local debug port while running and increases risk. (4) The code executes shell commands (clawhub) via execSync; review these commands and outputs if you care about confidentiality. Recommendations: inspect the scripts locally, run the skill in an isolated environment (container or VM), adjust the workspace/output paths to a safe directory, ensure you trust the clawhub CLI source, and only run npm install in a controlled environment. If you need higher assurance, ask the author for an install spec and for removal of hardcoded paths.

功能分析

Type: OpenClaw Skill Name: business-opportunity-screenshot Version: 1.0.0 The skill contains a critical command injection vulnerability in `scripts/screenshot.js` because user-provided arguments (`query` and `slug`) are passed unsanitized to `execSync` when calling the `clawhub` CLI. Additionally, the script relies on hardcoded absolute paths for a specific user (`/home/xiaoduo/`), which is a significant configuration flaw. While the code logic appears to follow the stated purpose of generating reports and screenshots, these vulnerabilities allow for arbitrary command execution if the agent is prompted with malicious input.

能力评估

⚠ Purpose & Capability

Name/description match the behavior: the script calls clawhub, builds an HTML report, and uses puppeteer-core to capture a screenshot. However the registry metadata declares no required binaries/env or credentials while SKILL.md and the script require clawhub CLI, chromium-browser, DISPLAY/WSL2, and an npm dependency. That mismatch (no declared requirements but required at runtime) is incoherent.

⚠ Instruction Scope

SKILL.md and scripts instruct running shell commands (clawhub search/inspect, launching Chromium with --remote-debugging-port) and write output under a hardcoded workspace path (/home/xiaoduo/.openclaw/workspace-product). The script executes shell commands with execSync (15s timeout). The hardcoded absolute path and use of remote debugging broaden scope beyond a simple screenshot tool and could fail or misbehave on other hosts.

ℹ Install Mechanism

There is no formal install spec, but package.json/package-lock include puppeteer-core. SKILL.md tells users to run npm install manually. This is an inconsistency: dependencies exist but installation is left to the user. The package-lock pulls puppeteer-core and related packages from public npm (npmmirror registry), which is expected but requires network install; no direct downloads from suspicious URLs were found.

⚠ Credentials

The skill requests no credentials, which is appropriate. But it implicitly requires environment-specific items: clawhub CLI, chromium-browser, DISPLAY (WSL2), and a writable workspace at a specific absolute home path. Requiring a specific user's home path is disproportionate and fragile — it can expose or overwrite files in that location if present.

✓ Persistence & Privilege

The skill does not request always:true and does not declare system-wide persistence. It runs on demand. One operational risk: launching Chromium with --remote-debugging-port opens a local debug port (9222) which, while local, increases the attack surface while the browser is running.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install business-opportunity-screenshot
安装完成后，直接呼叫该 Skill 的名称或使用 /business-opportunity-screenshot 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release: Generate a business opportunity skills report with full-page screenshot. - Searches for business opportunity–related skills via ClawHub API (auto-fallback to preset list on failure) - Produces a categorized, visually formatted HTML report - Launches Chromium to render the report and captures a full-page screenshot - Allows custom search keywords and output file naming - Outputs both the HTML report file and JPG screenshot for easy sharing

元数据

Slug business-opportunity-screenshot

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题