gostlightai

Cdp Browser

Author: gostlight · GitHub · v2.0.1
cross-platform ⚠ suspicious
Total downloads: 1010
Favorites: 0
Current installs: 6
Versions: 3
Install in OpenClaw
/install cdp-browser
Description
CDP browser control at localhost:9222. Use when you need to inspect tabs, take screenshots, navigate, scroll, post to X, or run JS in a persistent browser se...
Usage instructions (SKILL.md)

cdp-browser

CLI for Chrome/Chromium at localhost:9222. Inspect tabs, take screenshots, navigate, scroll, post to X, or run JS in a persistent browser session.

Repo: https://github.com/gostlightai/cdp-browser

Prerequisites: Chromium running with --remote-debugging-port=9222. Docker Compose or a local Chrome with remote debugging enabled.

Commands

Run from the skill dir (bin/ scripts):

Command                                 Description
status                                  List all tabs (JSON from CDP)
tabs                                    Same as status
new <url>                               Open new tab
goto <tabId> <url>                      Navigate tab to URL
snapshot <tabId>                        Full-page screenshot (PNG)
close-popup <tabId>                     Dismiss dialogs/modals
scroll <tabId> <px|sel> [down|up]       Scroll by pixels or selector
query <tabId> getUrl                    Return current page URL
query <tabId> getText [selector]        Return element text (or body)
query <tabId> getHtml [selector]        Return element HTML (or body)
tweet-draft <tabId> "text"              Fill compose box only; does NOT post
tweet-post <tabId> --confirm "text"     Post tweet (requires --confirm as second arg)
tweet <tabId> "text"                    Alias for tweet-draft (fills compose only)

Tweet flow

  • tweet-draft (default): Fills the compose box; user reviews in browser and posts manually.
  • tweet-post: Requires --confirm as second arg (strict). Use when user explicitly approves ("go ahead", "post it", or Telegram confirm button).
  • Optional Telegram confirm: When tweet.confirmButton is enabled in config, the agent can run tweet-draft --save-pending to write pending state, then send a message with an inline "Confirm Post" button. On confirm, the agent runs tweet-post --confirm.

Config (required for Telegram confirm button)

The Telegram "Confirm Post" button only works if config exists. Copy the example and place it in your workspace:

# From the skill dir (e.g. ~/.openclaw/workspace/skills/cdp-browser):
cp .cdp-browser.json.example ~/.openclaw/workspace/.cdp-browser.json

Location: ~/.openclaw/workspace/.cdp-browser.json (or $OPENCLAW_WORKSPACE/.cdp-browser.json)

Key                   Default   Description
tweet.confirmButton   false     When true, agent sends draft with inline "Confirm Post" button in Telegram. User clicks to approve or says "go ahead".

Without this config, the agent uses plain tweet-draft (no button); user confirms via text only.

Telegram confirm button (agent instructions)

When tweet.confirmButton is true (config present) and you are in a Telegram session:

  1. Draft: Run tweet-draft --save-pending <tabId> "text" from the skill dir. This fills the compose box and writes ~/.openclaw/workspace/.cdp-browser/pending-tweet.json.
  2. Send with button: Run from the skill dir:
    ./scripts/send-tweet-confirm.sh <chat_id> "<tweet_text>"
    
    Or use openclaw message send directly with --buttons '[[{"text":"Confirm Post","callback_data":"cdp:tweet:confirm"}]]'. Use the current session's reply target as <chat_id>.
  3. On confirm: When the user clicks the button, OpenClaw delivers callback_data: cdp:tweet:confirm. Or the user says "go ahead"/"post it". Treat either as approval. Then:
    • Read ~/.openclaw/workspace/.cdp-browser/pending-tweet.json for text and tabId
    • Run tweet-post <tabId> --confirm "<text>"
    • Edit or delete the message with the button (optional)
    • Delete the pending file

Scripts

  • cdp.js — Fetch-only wrapper for CDP HTTP API (/json, /json/list, /json/new); no shell.
  • pw.js — Playwright connect to browser; runs snapshot/goto/scroll/query/tweet-draft/tweet-post. Compose launcher: SideNav_NewTweet_Button, /compose/post, Post only (avoids reply buttons). Post button: tweetButton, tweetButtonInline.

Security

See SECURITY.md for mitigations and operational notes.

Security usage recommendations
This skill appears to do what it says: control a local Chromium instance over CDP and optionally assist with posting to X using a Telegram confirm flow. Before installing, note:
  • You will need Chromium running with --remote-debugging-port=9222 and likely to run npm install in the skill dir (Playwright dependency), which may download browser binaries.
  • The skill can control pages in that browser (navigate, screenshot, fill and click); keep the CDP endpoint local and protected because it grants full browser control.
  • If you enable the Telegram confirm button, you must copy the example config into your OpenClaw workspace; the skill will write a pending-tweet file there and use openclaw message send to post the inline button. Review .cdp-browser.json and the pending-tweet file location to ensure they meet your privacy requirements.
  • Review the code (pw.js, cdp.js, and scripts/send-tweet-confirm.sh) to confirm the exact selectors and flows match your expectations, and be aware screenshots or page queries may capture sensitive content.
If you want higher assurance, run npm install in an isolated environment first and inspect what Playwright downloads, and test with an unprivileged local browser profile.
Functional analysis
Type: OpenClaw Skill
Name: cdp-browser
Version: 2.0.1
The skill bundle demonstrates strong security awareness and implements several critical mitigations against RCE, shell injection, and unauthorized actions, as detailed in `SECURITY.md` and `CHANGELOG.md`. However, the `scripts/cdp.js` file contains a vulnerability where the `endpoint` argument is not sanitized before being used in a `fetch` request to `http://localhost:9222/${endpoint}`. This could allow an attacker to make arbitrary CDP API calls if the agent is tricked into executing this specific script with controlled input, posing a risk of browser-context RCE. This is a significant vulnerability, but there is no evidence of intentional malicious behavior like data exfiltration or persistence.
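One way to close the unsanitized endpoint path described above, shown as an added example that is not the skill's own cdp.js: the request URL is chosen from an exact allowlist of the three HTTP API paths the page lists, and the target of json/new is limited to http/https as the v2.0.1 notes describe. The names assertWebUrl, buildCdpUrl and checkCdpRequest are hypothetical, and the sample inputs are constructed.

```javascript
// Added example, not the skill's cdp.js. All helper names are hypothetical.
const CDP_BASE = "http://localhost:9222";
// CDP HTTP API paths the page lists for cdp.js, and http/https-only targets.
const ALLOWED_PATHS = new Set(["json", "json/list", "json/new"]);
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Return the normalized URL if it is absolute http/https, otherwise throw.
function assertWebUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch {
    throw new Error("target is not an absolute URL");
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    throw new Error(`scheme ${parsed.protocol} is blocked`);
  }
  return parsed.href;
}

// Map an allowlisted path (plus a target URL for json/new) to a request URL.
// The path is matched exactly, never concatenated from caller input.
function buildCdpUrl(path, targetUrl) {
  if (typeof path !== "string" || !ALLOWED_PATHS.has(path)) {
    throw new Error("endpoint is not allowlisted");
  }
  if (path !== "json/new") {
    if (targetUrl !== undefined) throw new Error("endpoint takes no argument");
    return `${CDP_BASE}/${path}`;
  }
  // Assumption: the browser percent-decodes the query of /json/new.
  // Encoding keeps the target from adding its own path or query parts.
  return `${CDP_BASE}/json/new?${encodeURIComponent(assertWebUrl(targetUrl))}`;
}

// Wrapper that reports the decision instead of throwing (for logging/tests).
function checkCdpRequest(path, targetUrl) {
  try {
    return { allowed: true, url: buildCdpUrl(path, targetUrl) };
  } catch (err) {
    return { allowed: false, reason: err.message };
  }
}

// Constructed inputs: two expected calls and two that must be refused.
for (const args of [["json/list"], ["json/new", "https://example.com"],
                    ["json/close/TAB1"], ["json/new", "file:///tmp/x.html"]]) {
  console.log(JSON.stringify(args), checkCdpRequest(...args));
}
```

Any request outside the allowlist fails before a fetch is issued, so a caller-controlled string can no longer select the CDP method.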
Capability assessment
Purpose & Capability
The skill claims to control a browser via CDP on localhost:9222 and to be able to inspect tabs, screenshot, navigate, scroll, run limited queries, and optionally post to X. The included files (cdp.js, pw.js, helper scripts) and the Playwright dependency align with that purpose. The Telegram confirm flow and a workspace config file are reasonable additions given the described UX.
Instruction Scope
SKILL.md instructs the agent to run CLI scripts from the skill directory, write/read a pending-tweet file under the OpenClaw workspace, and (optionally) send a Telegram message via the OpenClaw CLI. These actions are in-scope for a browser-control + confirm-post feature. The agent will read/write files in ~/.openclaw/workspace(.cdp-browser) and may call openclaw message send; both are documented and required for the Telegram flow.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only), but package.json and package-lock.json declare a Playwright dependency. The README suggests running npm install. Playwright is a standard npm package (registry), but it is heavy and can download browser binaries during installation — this is expected for a Playwright-based tool but is a practical operational consideration.
Credentials
The skill declares no required env vars or credentials. The code does use OPENCLAW_WORKSPACE (optional) and falls back to HOME/USERPROFILE to locate the workspace for saving pending state; this is proportional to the documented feature. It does not request unrelated secrets or credentials. Control over a local CDP endpoint (localhost:9222) is powerful but matches the skill's purpose.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It writes only to its own workspace subdirectory for pending tweets and does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not unusual for this skill type.
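How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install cdp-browser
  3. Once installation completes, call the Skill by name or trigger it with /cdp-browser
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history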
v2.0.1
cdp-browser v2.0.1 (Security + Reliability Patch)
Security hardening:
  • Blocked unsafe URL schemes in browser navigation (javascript:, data:, file:)
  • Strict URL validation (http/https only) in pw.js goto, cdp.js newTab/gotoTab
Post confirmation safety:
  • tweet-post requires explicit --confirm, fails fast without it
X compose/post flow:
  • Updated selectors for current X UI, tweetButton/tweetButtonInline preference
Command improvements:
  • query ops: getUrl, getText, getHtml
  • tweet-draft --save-pending for confirm-button workflows
v2.0.0
security: CDP v2 hardening - explicit confirm, draft/post split, safer selectors
  • tweet-post: require --confirm as second arg (strict), no auto-injection
  • Split tweet: tweet-draft (compose only), tweet-post (requires --confirm)
  • Legacy tweet action → draft only
  • Compose launcher: SideNav_NewTweet_Button, /compose/post, Post only (avoid reply buttons)
  • Post button: tweetButton, tweetButtonInline
  • Add query ops: getUrl, getText, getHtml
  • Add --save-pending for tweet-draft (pending-tweet.json)
  • Replace curl with fetch in cdp.js (remove shell injection)
  • Replace eval with allowlisted query in pw.js
  • Add Telegram confirm flow: send-tweet-confirm.sh, .cdp-browser.json.example
  • Docs: SKILL.md, README.md, SECURITY.md
v1.0.0
Add repo links; security fixes
Metadata
Slug cdp-browser
Version 2.0.1
License
Total installs 6
Current installs 6
Historical versions 3
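FAQ

What is Cdp Browser?

CDP browser control at localhost:9222. Use when you need to inspect tabs, take screenshots, navigate, scroll, post to X, or run JS in a persistent browser se... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 1010 total downloads to date.

How do I install Cdp Browser?

Run the command "/install cdp-browser" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Cdp Browser free?

Yes, Cdp Browser is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Cdp Browser support?

Cdp Browser is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Cdp Browser?

It is developed and maintained by gostlight (@gostlightai); the current version is v2.0.1.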
