michaellod

lock-me-in

Author: MichaelLod · GitHub · v1.2.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 315
Favorites: 0
Current installs: 0
Versions: 5
Install in OpenClaw
/install lock-me-in
Description
Remote browser login and session persistence for headless servers. Start an interactive browser session via a temporary public URL (cloudflared tunnel), let...
Usage (SKILL.md)

lock-me-in

Remote browser login via temporary public URL. The user logs in visually; cookies persist for future automation.

How It Works

  1. Agent launches headless Chromium with Playwright
  2. A web UI streams live screenshots of the browser
  3. Cloudflared creates a temporary public tunnel URL
  4. User opens the link, clicks/types to log in
  5. Session (cookies + localStorage) saved to disk
  6. Future Playwright sessions load the saved state

Quick Start

# Start a login session
node <skill-dir>/scripts/browser-login.mjs <url> <session-name>

# Examples
node <skill-dir>/scripts/browser-login.mjs https://linkedin.com/login linkedin
node <skill-dir>/scripts/browser-login.mjs https://github.com/login github
node <skill-dir>/scripts/browser-login.mjs https://mail.google.com gmail

Run in background with nohup, capture the tunnel URL from stdout:

nohup node <skill-dir>/scripts/browser-login.mjs <url> <name> > /tmp/lock-me-in.log 2>&1 &
# Wait for URL:
grep -m1 'LOGIN URL' /tmp/lock-me-in.log

Send the tunnel URL to the user via their messaging channel.

Loading Saved Sessions

To use a saved session in Playwright automation:

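import { chromium } from 'playwright-core';

// Path to the Chromium binary; reading it from LOCK_ME_IN_CHROME_PATH is an assumption.
const CHROME_PATH = process.env.LOCK_ME_IN_CHROME_PATH;

// --no-sandbox disables Chromium's sandbox; keep it only where the container requires it.
const browser = await chromium.launch({ executablePath: CHROME_PATH, headless: true, args: ['--no-sandbox'] });
// storageState restores the cookies and localStorage saved by the login session.
const context = await browser.newContext({
  storageState: '/data/home/.browser-sessions/<session-name>/storage.json'
});
const page = await context.newPage();
await page.goto('https://linkedin.com/feed'); // Already logged in!
await browser.close();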

Session Storage

Sessions persist at /data/home/.browser-sessions/<name>/:

  • storage.json — Cookies + localStorage (Playwright format)
  • meta.json — Session metadata (last URL, timestamp, cookie count)

List saved sessions: ls /data/home/.browser-sessions/

Configuration

Environment variables:

  • LOCK_ME_IN_SESSIONS_DIR — Override sessions dir (default: /data/home/.browser-sessions)
  • LOCK_ME_IN_CHROME_PATH — Override Chrome path (auto-detected from Playwright)
  • LOCK_ME_IN_PORT — Override local proxy port (default: 18850)
  • OPENCLAW_PROXY_URL — HTTP proxy for browser traffic (auto-parsed for auth)

Script flags:

  • --port=N — Local proxy port
  • --timeout=N — Auto-close after N seconds (default: 900 = 15 min)

Requirements

  • Playwright-compatible Chromium (installed via npx playwright install chromium)
  • cloudflared binary for tunneling (install: curl -sL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared)
  • Node.js 18+

Web UI Controls

  • Click: click on the screenshot to click that position
  • Send: types text into the focused element
  • Tab / Enter: keyboard navigation
  • ← Back: browser back button
  • ↓ Scroll: scroll down
  • Navigate: go to a specific URL
  • 💾 Save: persist session without closing
  • ✅ Done: save and close everything

Security Notes

  • Tunnel URLs are random and short-lived (valid only while the process runs)
  • No authentication on the tunnel by default — share the URL only with the intended user
  • Sessions contain auth cookies — treat storage.json as sensitive
  • Auto-closes after 15 minutes by default to limit exposure
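
One way to act on the note that storage.json is sensitive, as an added example that is not part of the skill's own code: a Node.js audit that flags saved sessions readable by group or others, counts the cookies that are still valid, and can tighten modes to 0700/0600. The function names and the script name are hypothetical; the cookie fields used (`expires`, `domain`) follow Playwright's storageState format.

```javascript
// Added example: audit saved Playwright storageState files (helper names are hypothetical).
const fs = require('node:fs');
const path = require('node:path');

// Default directory as documented on the page; the env var overrides it.
const SESSIONS_DIR = process.env.LOCK_ME_IN_SESSIONS_DIR || '/data/home/.browser-sessions';

// Inspect one session directory; with fix=true, tighten modes to 0700/0600.
function auditSession(sessionDir, { fix = false, now = Date.now() / 1000 } = {}) {
  const file = path.join(sessionDir, 'storage.json');
  const mode = fs.statSync(file).mode & 0o777;
  const state = JSON.parse(fs.readFileSync(file, 'utf8'));
  // Playwright stores cookie expiry as Unix seconds; -1 marks a session cookie.
  const live = (state.cookies || []).filter(c => c.expires === -1 || c.expires > now);
  const finding = {
    session: path.basename(sessionDir),
    mode: mode.toString(8),
    exposed: (mode & 0o077) !== 0, // any group/other permission bit set
    liveCookies: live.length,
    sessionCookies: live.filter(c => c.expires === -1).length,
    domains: [...new Set(live.map(c => c.domain))].sort(),
    fixed: false,
  };
  if (fix && finding.exposed) {
    fs.chmodSync(sessionDir, 0o700);
    fs.chmodSync(file, 0o600);
    finding.fixed = true;
  }
  return finding;
}

// Audit every subdirectory of root that contains a storage.json.
function auditAll(root = SESSIONS_DIR, opts = {}) {
  if (!fs.existsSync(root)) return [];
  return fs.readdirSync(root, { withFileTypes: true })
    .filter(d => d.isDirectory() && fs.existsSync(path.join(root, d.name, 'storage.json')))
    .map(d => auditSession(path.join(root, d.name), opts));
}

// CLI use: node audit-sessions.js [--fix]
if (typeof module !== 'undefined' && require.main === module) {
  const fix = process.argv.includes('--fix');
  console.log(JSON.stringify(auditAll(SESSIONS_DIR, { fix }), null, 2));
}
```

A session that reports `liveCookies` greater than zero is still a usable credential on disk; deleting its directory once the automation no longer needs it removes that exposure.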
Security usage recommendations
This skill does what it says (a remote headless-browser login tunnel that saves cookies/localStorage), but it has several caution points you should consider before installing or running it:

  • Registry metadata omits actual runtime requirements. SKILL.md and the script require Node.js, Playwright/Chromium, and cloudflared; ensure those are installed from official sources.
  • The script exposes an unauthenticated public tunnel URL (cloudflared). Treat any tunnel URL as extremely sensitive — do not share it outside a trusted channel, and prefer enabling tunnel access controls (short-lived tokens, IP whitelisting, or auth) if possible.
  • The tool persists storage.json (cookies + localStorage). Those files effectively contain live authentication and should be stored with strict file permissions, encrypted at rest, and rotated/cleared when no longer needed.
  • The script injects stealth anti-detection code into pages. That is commonly used for automation, but combined with persistent sessions it could be abused for automated account access. Review the code carefully and consider running it in an isolated VM/container and with an account that can be revoked (not your primary account).
  • The code references a hard-coded Playwright path ('/app/node_modules/playwright-core') and probes specific home/cache paths; review and, if needed, set LOCK_ME_IN_CHROME_PATH and LOCK_ME_IN_SESSIONS_DIR to controlled locations.
  • Do not set OPENCLAW_PROXY_URL or similar proxy env vars to untrusted values; a proxy can capture credentials and page content.

If you want to proceed: run the script only in an isolated environment, limit tunnel exposure (add auth or VPN), audit the entire script (including the parts not shown here), and prefer ephemeral/test credentials when using it until you are comfortable with its behavior.
Functional analysis
Type: OpenClaw Skill
Name: lock-me-in
Version: 1.2.0

The 'lock-me-in' skill bundle (scripts/browser-login.mjs) provides a mechanism to remotely control a headless browser and persist authentication sessions. It uses 'cloudflared' to create a public tunnel (trycloudflare.com) to a local web UI, allowing remote interaction with the browser. However, the tunnel is unauthenticated by default, and the script includes a high-risk '/eval' endpoint that allows arbitrary JavaScript execution within the browser context. While these features support the stated goal of remote login, the combination of public exposure, lack of access control, and powerful execution capabilities creates a significant security risk for session hijacking and unauthorized remote control.
Capability assessment
Purpose & Capability
The skill claims to provide a remote browser login proxy and the included script implements that. However the registry metadata declared no requirements while SKILL.md and the script require Playwright/Chromium, cloudflared, and Node.js. The script also hard-codes an import path ('/app/node_modules/playwright-core') and probes Playwright caches and specific filesystem paths — these implementation details are plausible for the stated purpose but are not reflected in the registry metadata and look platform-specific.
Instruction Scope
Runtime instructions and the script start a headless browser, expose a web UI, and create a temporary public cloudflared tunnel with no built-in authentication. SKILL.md tells the operator/agent to 'Send the tunnel URL to the user via their messaging channel.' Exposing an unauthenticated, short-lived public UI that accepts clicks/keyboard input and persists auth cookies is within the feature set but is a high-risk action scope (sensitive session data may be exposed if the URL leaks). The script also injects stealth/anti-detection scripts into pages — appropriate for automation but increases risk if abused.
Install Mechanism
This is an instruction-only skill with one shipped script and no install spec. No external binary is downloaded by the skill itself. SKILL.md instructs how to install cloudflared (GitHub release URL) and Playwright via npx, which are conventional but will be performed manually by the operator.
Credentials
The registry metadata listed no required env vars, but SKILL.md and the script use multiple environment variables (LOCK_ME_IN_SESSIONS_DIR, LOCK_ME_IN_CHROME_PATH, LOCK_ME_IN_PORT, OPENCLAW_PROXY_URL and in code LOCK_ME_IN_CLOUDFLARED). OPENCLAW_PROXY_URL or LOCK_ME_IN_CLOUDFLARED could carry credentials or control where traffic is proxied. The skill writes sensitive session state (storage.json containing cookies/localStorage) to disk; that is expected for the purpose but is highly sensitive and the skill does not provide enforced protection or encryption for those files.
Persistence & Privilege
The skill does not request always:true and does not appear to modify other skills or system-wide configuration. It persists session files to a sessions directory (default /data/home/.browser-sessions), which is normal for its purpose but increases blast radius if the environment is shared. The platform-default ability for the agent to invoke the skill autonomously combined with saved authenticated sessions is worth caution.
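How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install lock-me-in
  3. Once installed, invoke the skill by name or trigger it with /lock-me-in
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history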
v1.2.0
Mobile touch click fix, /eval and /click-text endpoints for JS elements (Google OAuth), SingletonLock auto-cleanup, crash-safe signal handlers, 1920x1080 viewport, persistent Chrome profile with stealth evasions
v1.1.0
Stealth evasions (anti-bot detection bypass), Clear/Backspace buttons, improved Back button, popup handling for social logins, removed playwright-extra dependency
v1.0.2
Add Clear and Backspace buttons, fix Back button with keyboard fallback, improved field editing UX
v1.0.1
Fix UTF-8 encoding, add social login popup support, improve proxy auth handling
v1.0.0
Initial release
Metadata
Slug: lock-me-in
Version: 1.2.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 5
FAQ

What is lock-me-in?

Remote browser login and session persistence for headless servers. Start an interactive browser session via a temporary public URL (cloudflared tunnel), let... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 315 total downloads so far.

How do I install lock-me-in?

Run the command "/install lock-me-in" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is lock-me-in free?

Yes, lock-me-in is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.

Which platforms does lock-me-in support?

lock-me-in runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed lock-me-in?

It is developed and maintained by MichaelLod (@michaellod); the current version is v1.2.0.
