← 返回 Skills 市场
web3toolshub

chrome-cdp-skill

作者 Web3ToolsHub · GitHub ↗ · v1.0.6 · MIT-0
darwinlinuxwin32 ⚠ suspicious
478
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install chrome-cdp-skill
功能描述
Interact with a local Chrome-family browser session over CDP when the user explicitly asks to inspect, debug, or interact with a page they already have open.
使用说明 (SKILL.md)

Chrome CDP

Lightweight Chrome DevTools Protocol CLI. Connects directly via WebSocket, does not need Puppeteer, and works well with large tab counts.

Prerequisites

  • Chrome (or Chromium, Brave, Edge, Vivaldi) with remote debugging enabled: open chrome://inspect/#remote-debugging and toggle the switch
  • Node.js 22+ (uses built-in WebSocket)
  • No Python or pip packages are required
  • No npm install step is required
  • If your browser's DevToolsActivePort is in a non-standard location, set CDP_PORT_FILE to its full path

Quick setup

  1. Open Chrome and keep it running.
  2. Open chrome://inspect/#remote-debugging.
  3. Turn on remote debugging.
  4. Keep the browser open while using this skill.
  5. Run {baseDir}/scripts/cdp.mjs list to confirm that tabs are visible.

On first access to a tab, Chrome may ask the user to approve debugging access.

Installation

  • Recommended: clawhub install chrome-cdp-skill
  • Manual: place this skill directory in your OpenClaw workspace skills/ folder
  • This skill does not require npm install, Python, or pip packages

Safety

This skill can inspect and control a real local browser session. Commands such as eval, evalraw, click, type, and nav are intentionally powerful and may trigger warnings from security scanners.

Only use this skill when the user explicitly wants you to inspect or operate pages they already have open. Assume those tabs may contain sensitive logged-in content.

The skill only works after the user enables Chrome remote debugging. On first access to a tab, Chrome may ask the user to approve debugging access.

Commands

All commands use {baseDir}/scripts/cdp.mjs. The \x3Ctarget> is a unique targetId prefix from list; copy the full prefix shown in the list output (for example 6BE827FA). The CLI rejects ambiguous prefixes.

List open pages

{baseDir}/scripts/cdp.mjs list

Take a screenshot

{baseDir}/scripts/cdp.mjs shot \x3Ctarget> [file]    # default: screenshot-\x3Ctarget>.png in runtime dir

Captures the viewport only. Scroll first with eval if you need content below the fold. Output includes the page's DPR and coordinate conversion hint (see Coordinates below).

Accessibility tree snapshot

{baseDir}/scripts/cdp.mjs snap \x3Ctarget>

Evaluate JavaScript

{baseDir}/scripts/cdp.mjs eval \x3Ctarget> \x3Cexpr>

Watch out: avoid index-based selection (querySelectorAll(...)[i]) across multiple eval calls when the DOM can change between them (e.g. after clicking Ignore, card indices shift). Collect all data in one eval or use stable selectors.

Other commands

{baseDir}/scripts/cdp.mjs html    \x3Ctarget> [selector]      # full page or element HTML
{baseDir}/scripts/cdp.mjs nav     \x3Ctarget> \x3Curl>           # navigate and wait for load
{baseDir}/scripts/cdp.mjs net     \x3Ctarget>                 # resource timing entries
{baseDir}/scripts/cdp.mjs click   \x3Ctarget> \x3Cselector>      # click element by CSS selector
{baseDir}/scripts/cdp.mjs clickxy \x3Ctarget> \x3Cx> \x3Cy>         # click at CSS pixel coords
{baseDir}/scripts/cdp.mjs type    \x3Ctarget> \x3Ctext>          # Input.insertText at current focus; works in cross-origin iframes unlike eval
{baseDir}/scripts/cdp.mjs loadall \x3Ctarget> \x3Cselector> [ms] # click "load more" until gone (default 1500ms between clicks)
{baseDir}/scripts/cdp.mjs evalraw \x3Ctarget> \x3Cmethod> [json] # raw CDP command passthrough
{baseDir}/scripts/cdp.mjs open    [url]                    # open new tab (each triggers Allow prompt)
{baseDir}/scripts/cdp.mjs stop    [target]                 # stop daemon(s)

Coordinates

shot saves an image at native resolution: image pixels = CSS pixels × DPR. CDP Input events (clickxy etc.) take CSS pixels.

CSS px = screenshot image px / DPR

shot prints the DPR for the current page. Typical Retina (DPR=2): divide screenshot coords by 2.

Tips

  • Prefer snap --compact over html for page structure.
  • Use type (not eval) to enter text in cross-origin iframes — click/clickxy to focus first, then type.
  • Chrome shows an "Allow debugging" modal once per tab on first access. A background daemon keeps the session alive so subsequent commands need no further approval. Daemons auto-exit after 20 minutes of inactivity.
安全使用建议
This skill legitimately controls a local browser via Chrome's DevTools Protocol. Before installing: (1) Confirm you trust the skill source and review scripts/cdp.mjs (it runs locally and will create sockets/files under your home directory). (2) Only enable Chrome remote debugging when you intend to allow this access — remote debugging + eval/evalraw can execute arbitrary JS in pages (including pages where you're logged in). (3) Avoid using it on sensitive or production accounts unless you understand the implications. (4) If you need stronger assurance, run the script in an isolated account or VM and inspect the code for any unexpected network calls or telemetry.
功能分析
Type: OpenClaw Skill Name: chrome-cdp-skill Version: 1.0.6 The skill provides a powerful interface for controlling a local Chrome browser via the DevTools Protocol (CDP), enabling arbitrary JavaScript execution (`eval`) and raw protocol commands (`evalraw`) through `scripts/cdp.mjs`. While the implementation is technically sound and includes local security precautions like restricted file permissions (0o700), the inherent capabilities allow an agent to access sensitive browser data, including cookies and authenticated sessions. The use of a background daemon and IPC via Unix sockets or named pipes provides persistent access to the browser, which is a high-risk capability that could be exploited if the agent is subjected to prompt injection.
能力评估
Purpose & Capability
Name/description match the implemented behaviour: the script opens a local DevTools WebSocket, lists pages, screenshots, evaluates JS, clicks, navigates, and manages per-tab daemons. Required binary (node) and read access to browser DevToolsActivePort files are expected for this purpose.
Instruction Scope
SKILL.md instructs the agent to run the included CLI (scripts/cdp.mjs) which reads DevToolsActivePort files, creates a runtime directory and sockets, and connects to the browser's local CDP WebSocket. This is necessary for operation but also means the skill can inspect and control content in any open tab once remote debugging is enabled; eval/evalraw commands allow executing arbitrary JS inside pages. The SKILL.md explicitly warns about sensitive content.
Install Mechanism
No install spec; instruction-only with a single Node script. Nothing is downloaded from external URLs during install and no package managers are required, so install risk is low.
Credentials
The skill requires only Node and optionally reads environment variables CDP_PORT_FILE and CDP_HOST (documented in SKILL.md) and uses home/XDG dirs for sockets/cache. It does not request secret tokens or unrelated credentials. Access to the user's home directory and runtime dirs is necessary for socket files and caching.
Persistence & Privilege
Does not request always:true and is not force-enabled. It spawns per-tab daemons and writes runtime files under a user-scoped directory; daemons auto-exit after idle. It does not modify other skills or global agent configuration.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install chrome-cdp-skill
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /chrome-cdp-skill 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
update
v1.0.5
change slug and name
v1.0.4
Clarify installation, dependencies, remote debugging setup, and security notes
v1.0.3
Clarify dependencies, remote debugging setup, and security notes
v1.0.2
Initial ClawHub release
元数据
Slug chrome-cdp-skill
版本 1.0.6
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 5
常见问题

chrome-cdp-skill 是什么?

Interact with a local Chrome-family browser session over CDP when the user explicitly asks to inspect, debug, or interact with a page they already have open. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 478 次。

如何安装 chrome-cdp-skill?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install chrome-cdp-skill」即可一键安装,无需额外配置。

chrome-cdp-skill 是免费的吗?

是的,chrome-cdp-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

chrome-cdp-skill 支持哪些平台?

chrome-cdp-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux, win32)。

谁开发了 chrome-cdp-skill?

由 Web3ToolsHub(@web3toolshub)开发并维护,当前版本 v1.0.6。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论