← 返回 Skills 市场
adminlove520

chrome-cdp

作者 Anonymous · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
858
总下载
1
收藏
11
当前安装
1
版本数
在 OpenClaw 中安装
/install chrome-cdp
功能描述
通过Chrome远程调试协议访问已打开的Chrome标签页,支持读取登录状态页面及与真实页面交互操作。
使用说明 (SKILL.md)

chrome-cdp-skill

让AI agent访问你已打开的Chrome标签页

简介

chrome-cdp-skill 通过Chrome远程调试协议(CDP)连接你已经在用的Chrome会话,让AI可以:

  • 读取已登录账户的页面(Gmail、GitHub等)
  • 与你正在工作的标签页交互
  • 查看真实页面状态(非重新加载的干净状态)

安装

前提条件

  • Chrome浏览器
  • Node.js 22+

启用Chrome远程调试

  1. 在Chrome地址栏输入:chrome://inspect/#remote-debugging
  2. 打开"启用远程调试"开关

安装Skill

# 克隆仓库
git clone https://github.com/pasky/chrome-cdp-skill.git
cd chrome-cdp-skill

# 或复制 skills/chrome-cdp/ 目录到你的agent skills目录

使用方法

基本命令

# 列出打开的标签页
node scripts/cdp.mjs list

# 截图
node scripts/cdp.mjs shot \x3CtargetId>

# 获取可访问性树
node scripts/cdp.mjs snap \x3CtargetId>

# 获取HTML
node scripts/cdp.mjs html \x3CtargetId> [".selector"]

# 点击元素
node scripts/cdp.mjs click \x3CtargetId> "selector"

# 输入文字
node scripts/cdp.mjs type \x3CtargetId> "text"

# 导航
node scripts/cdp.mjs nav \x3CtargetId> https://...

# 评估JavaScript
node scripts/cdp.mjs eval \x3CtargetId> "expression"

# 网络资源计时
node scripts/cdp.mjs net \x3CtargetId>

# 加载更多(点击"加载更多"直到消失)
node scripts/cdp.mjs loadall \x3CtargetId> "selector"

获取targetId

首先运行 list 命令获取标签页的targetId:

$ node scripts/cdp.mjs list
TargetID  Title                     URL
---------  -----                     ---
abc123def  Gmail - Google Account   https://mail.google.com/...
def456ghi  GitHub                   https://github.com/...

然后用targetId前缀操作:

node scripts/cdp.mjs snap abc
node scripts/cdp.mjs click abc "#compose"
node scripts/cdp.mjs type abc "Hello World"

与OpenClaw集成

方法1:直接调用脚本

在OpenClaw中通过exec调用:

node /path/to/chrome-cdp-skill/scripts/cdp.mjs list

方法2:创建MCP服务器

可以将其封装为MCP服务器供OpenClaw调用。

方法3:创建OpenClaw Skill

参考 skills/chrome-cdp/index.js 创建完整Skill。

优势对比

特性 chrome-cdp Puppeteer类工具
浏览器 已有Chrome 新启动浏览器
登录状态 保持 需重新登录
页面状态 真实状态 干净状态
标签页数量 100+不卡 容易超时
依赖 仅Node.js Puppeteer+浏览器

注意事项

  1. 首次访问标签页时,Chrome会弹出"允许调试"确认框
  2. 守护进程20分钟无活动自动退出
  3. 目标ID只需唯一前缀即可匹配

参考

安全使用建议
Do not install blindly. Before using: (1) Note that the packaged index.js expects scripts/cdp.mjs which are not included — SKILL.md tells you to git-clone a GitHub repo; audit that repository and the scripts/cdp.mjs file before pulling or running anything. (2) The code constructs a shell command by joining arguments and calls execSync — this is vulnerable to command injection if untrusted input reaches the functions. Ask the author to switch to spawn/execFile with argument arrays or properly escape inputs. (3) Because the skill can read your open, logged-in web pages, only run it on a trusted machine and consider using an isolated environment/profile. (4) If you need this functionality but want lower risk, prefer an implementation that bundles its runtime scripts, documents checksums, and avoids shell-string execution. If you proceed, review scripts/cdp.mjs, pin/verify commits, and restrict automatic/autonomous invocation until you are confident about the code.
功能分析
Type: OpenClaw Skill Name: chrome-cdp Version: 1.0.0 The skill provides high-risk capabilities by allowing an AI agent to control and read data from a user's active Chrome session (including authenticated sites like Gmail). A critical shell injection vulnerability exists in index.js, where execSync is used to execute commands with unsanitized arguments. Additionally, the skill is incomplete and requires the user to clone an external repository (https://github.com/pasky/chrome-cdp-skill), which introduces a supply chain risk.
能力评估
Purpose & Capability
Name/description match the code's intent (control Chrome via CDP). However index.js expects a helper script at scripts/cdp.mjs that is not present in the package; SKILL.md instructs users to git clone https://github.com/pasky/chrome-cdp-skill to obtain missing files. Requiring an external repo at runtime (not bundled) is an inconsistency and forces fetching and running unvetted code to make the skill functional.
Instruction Scope
SKILL.md's runtime instructions are focused on enabling remote debugging and running the included scripts, which is within scope. But index.js runs child processes via execSync by building a single shell string (cmd.join(' ')) from user-supplied arguments (targetId, selectors, expressions). This is a command-injection risk: specially crafted inputs could execute arbitrary shell commands. The skill also promises access to logged-in pages (sensitive data) — expected for purpose but high-risk in practice.
Install Mechanism
There is no formal install spec in the package; SKILL.md directs users to git-clone a GitHub repo to obtain required scripts. Fetching additional code from GitHub is common but still a supply-chain step that should be audited. The packaged index.js alone is insufficient to function, so the user must pull external code before use.
Credentials
The skill does not request environment variables or credentials, which is proportionate. However, its legitimate functionality requires access to the user's running Chrome and will read the contents of logged-in pages (Gmail, GitHub, etc.), which is inherently sensitive — users should consider whether exposing those pages to an agent is acceptable.
Persistence & Privilege
The skill is not marked always:true and does not request system-wide config changes or persistent privileges. It does execute commands locally but does not itself claim to persist or modify other skills.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install chrome-cdp
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /chrome-cdp 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of chrome-cdp-skill. - Enables AI agents to access and interact with your open Chrome tabs using the Chrome DevTools Protocol (CDP). - Supports reading logged-in pages, interacting with live tabs, and accessing actual in-use page states. - Provides a command-line interface to list tabs, take screenshots, extract HTML, click elements, type, navigate, and evaluate JavaScript. - Integrates with OpenClaw via direct script execution, MCP server, or as a Skill. - Requires Chrome with remote debugging enabled and Node.js 22+.
元数据
Slug chrome-cdp
版本 1.0.0
许可证 MIT-0
累计安装 12
当前安装数 11
历史版本数 1
常见问题

chrome-cdp 是什么?

通过Chrome远程调试协议访问已打开的Chrome标签页,支持读取登录状态页面及与真实页面交互操作。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 858 次。

如何安装 chrome-cdp?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install chrome-cdp」即可一键安装,无需额外配置。

chrome-cdp 是免费的吗?

是的,chrome-cdp 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

chrome-cdp 支持哪些平台?

chrome-cdp 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 chrome-cdp?

由 Anonymous(@adminlove520)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论