← 返回 Skills 市场

Jarvis Browser Setup

Name: Jarvis Browser Setup
Author: evernation

作者 evernation · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

187

总下载

当前安装

版本数

在 OpenClaw 中安装

/install jarvis-browser-setup

功能描述

Setup Jarvis Browser Control System for new users. Generates unique WebSocket auth token, configures server, and prepares extension files. Use when user want...

使用说明 (SKILL.md)

Jarvis Browser Setup

Setup Jarvis Browser Control System v3.5 for new users with fully automated token generation.

When to Use

Use this skill when:

User wants to share browser control with someone else
Setting up a new instance for another user
Need to generate new unique auth token
Preparing distributable package

Key Feature: FULLY AUTOMATED 🎯

The user just says:

"Setup Jarvis Browser for me"

And OpenClaw automatically:

🔑 Generates unique auth token
📦 Creates server config
🚀 Starts WebSocket server
⚙️ Prepares extension files
✅ Provides ready-to-use setup

No manual steps required!

For OpenClaw Users (Recommended)

# Install skill
clawhub install jarvis-browser-setup

# Then just say:
"Setup Jarvis Browser for me"
# OpenClaw does everything automatically!

For Manual Setup

python3 ~/.openclaw/workspace/skills/jarvis-browser-setup/scripts/setup.py

Output

config.json - Token & IP configuration
server/ - Python WebSocket server (auto-started)
extension/ - Pre-configured Chrome extension
README.md - Setup instructions

Token Format

48 random characters (cryptographically secure)
Example: XsJ3N-mAtusZ+WSPr0Ca!ExnVdQ8UuGd8J9PCwo9l8bmX3ACylw6Nv
Unique per user

Security

Each user gets unique token
Token never shared between users
Server validates token on every connection

Requirements

Python 3.8+
Chrome/Edge browser
Port 8765 available

安全使用建议

This skill is not obviously malicious, but it has inconsistencies and risky assumptions you should understand before running it. Things to check/do before installing or executing: - Do not assume the WebSocket server will be started automatically: SKILL.md claims auto-start, but scripts only prepare files and print instructions—you must manually inspect and start the server. Look for and review the actual server file (e.g., server/jarvis_server_v3.5_fixed.py) before running it. - Verify token handling: the script generates a token but does not explicitly inject it into the extension in a robust way. After running, inspect extension/config.js and server config to ensure the token is present only where intended and not accidentally exposed. - Confirm the template path: the script copies files from /home/openclaw/.openclaw/workspace/jarvis-browser-v3.3-hybrid. If that path exists on your system it will be read/copied — ensure those files are safe and don’t contain secrets. If the path does not exist the script will print a warning and do less than the README promises. - Run in an isolated/sandbox environment first (VM or container) and review all generated files (config.json, server/*, extension/*) before exposing any machine or network port publicly. - Be cautious with the generated token: treat it as a secret. Do not share the output folder publicly. If you decide to use this, rotate tokens and restrict network access to the server (firewall, bind to localhost or trusted interface). If you need higher assurance, ask the publisher for the server code (jarvis_server_v3.5_fixed.py) and the extension source so you can audit how authentication is validated and whether any telemetry or external endpoints exist. If you cannot verify those, mark this skill as untrusted and avoid running it on production machines.

功能分析

Type: OpenClaw Skill Name: jarvis-browser-setup Version: 1.0.1 The skill automates the deployment of a remote browser control system, including a WebSocket server and a Chrome extension. While the script (`scripts/setup.py`) performs legitimate configuration tasks like secure token generation, the capability it enables is high-risk as it allows full remote manipulation of a user's browser. The script relies on templates from a hardcoded local path (`/home/openclaw/.openclaw/workspace/jarvis-browser-v3.3-hybrid`) not included in the bundle, and the `SKILL.md` instructions use persuasive language to encourage the AI agent to execute the setup autonomously, which could lead to unintended remote access if triggered via prompt injection.

能力评估

⚠ Purpose & Capability

Name/description claim: create token, configure server, prepare extension and auto-start server. The provided script generates a token and prepares files, which matches, but it does NOT start the WebSocket server nor robustly inject the token into the extension. It also relies on a hard-coded template directory (/home/openclaw/.openclaw/workspace/jarvis-browser-v3.3-hybrid) outside the skill's own workspace — an assumption that may access unrelated files. These mismatches between claim and actual behavior are unexplained.

⚠ Instruction Scope

SKILL.md promises a fully-automated end-to-end setup (including starting the WebSocket server). The runtime script only creates an output folder, copies templates (if present), updates a single hard-coded ws URL string in extension/config.js, and writes config.json/README. It does not daemonize or launch the server, nor does it reliably place the token into extension files. The script reads/writes files in absolute paths under the OpenClaw workspace and will fallback to a hard-coded IP, which is broader file-system and network access than the SKILL.md makes clear.

✓ Install Mechanism

No install spec — instruction-only skill with a bundled Python script. No remote downloads, package installs, or extracted archives. This is lower risk from an install-mechanism perspective.

ℹ Credentials

The skill requires no environment variables or external credentials, which is proportional. However, the script reads from an absolute template path in the user's OpenClaw workspace; that could expose or copy unrelated files if the template path is present. It also reaches out to 8.8.8.8 (UDP) to determine the host IP—an innocuous network probe but worth noting.

ℹ Persistence & Privilege

always:false and no special privileges requested. The script writes files into the current working dir (creates an output package) and copies from a workspace folder; it does not modify other skills' configurations or claim permanent presence. Still, copying from another workspace path could touch other skills' artifacts.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install jarvis-browser-setup
安装完成后，直接呼叫该 Skill 的名称或使用 /jarvis-browser-setup 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.1

Updated: Now fully automated - OpenClaw handles complete setup automatically. User just needs to say 'Setup Jarvis Browser' and everything is configured automatically.

v1.0.0

Initial release - Automated token generation for Jarvis Browser Control v3.5

元数据

Slug jarvis-browser-setup

版本 1.0.1

许可证 MIT-0

累计安装 1

当前安装数 1

历史版本数 2

常见问题