← 返回 Skills 市场
Ghost Browser
作者
Neo The Lobster
· GitHub ↗
· v1.0.4
514
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install neo-stealth-browser
功能描述
Automated Chrome browser using nodriver for AI agent web tasks. Full CLI control with LLM-optimized commands — text-based interaction, markdown output, sessi...
安全使用建议
This skill mostly does what it says (Chrome automation using nodriver), but there are packaging and install inconsistencies and it will store session cookies and profiles locally. Before installing: 1) Review the full Python script (scripts/stealth_browser.py) for any network endpoints or unexpected behavior you don't trust. 2) Do not run setup.sh blindly — it installs packages and attempts to make a CLI executable but references a non-existent path (scripts/ghost-browser), indicating a broken package. 3) Consider running the skill in an isolated environment (VM/container) or test account to avoid exposing real credentials. 4) If you plan to persist sessions, be aware cookies/localStorage are stored under ~/.openclaw/... and can contain sensitive tokens. 5) Prefer skills with an identifiable source/homepage or official releases; if you need this capability, request a corrected package (matching filenames and a clear install spec) or a signed release from the author.
功能分析
Type: OpenClaw Skill
Name: neo-stealth-browser
Version: 1.0.4
The OpenClaw AgentSkills skill bundle 'neo-stealth-browser' is classified as suspicious due to its powerful capabilities that, while intended for legitimate browser automation and anti-bot evasion, pose significant risks if misused. Key indicators include the `eval` command in `scripts/stealth_browser.py` and `SKILL.md`, allowing arbitrary JavaScript execution within the browser context. Additionally, the skill supports downloading files from arbitrary URLs (`_handle_download` in `stealth_browser.py`) and installing/loading Chrome extensions (`cmd_install_extension`, `_handle_load_extension`), which could be exploited to fetch and execute malicious payloads or install compromised browser extensions. While the skill's documentation and code include defensive prompt injection and transparency regarding data storage, these powerful primitives, combined with advanced anti-detection techniques (e.g., mouse event patching, human-like clicks, reCAPTCHA evasion), elevate the risk profile to suspicious, as they could facilitate sophisticated attacks if the agent is compromised or given malicious instructions.
能力评估
Purpose & Capability
The name/description align with what the files implement: a Python-based Chrome automation daemon using nodriver. Required binaries (python3, Chrome/Chromium) and a pip dependency on nodriver are appropriate. However the package shows signs of sloppy packaging: _meta.json version differs from registry metadata, and the repo/source/homepage are unknown — reducing traceability.
Instruction Scope
SKILL.md instructs the agent to use the local ghost-browser CLI for navigation, element interaction, and session save/load. The runtime instructions stay within the stated purpose (browser automation). They do direct the agent to persist and restore sessions (cookies/localStorage), which will store authentication state locally — expected for this functionality but sensitive.
Install Mechanism
The registry declares no install spec, but repository includes setup.sh and requirements.txt that create a venv and pip-install nodriver. That mismatch is an inconsistency. The setup.sh also tries to chmod +x a script path (scripts/ghost-browser) that does not appear in the file manifest (the provided script is scripts/stealth_browser.py), which likely means the packaged setup is broken or mismatched. Because the skill executes local Python and installs packages, you should not run setup scripts without review.
Credentials
No environment variables or external credentials are requested. The code writes state, profiles, logs, cookies and session files into ~/.openclaw/... which is proportional to a browser automation tool but means the skill will store potentially sensitive cookies/auth tokens on disk under the user's account.
Persistence & Privilege
The skill does persist state (profiles, sessions, cookies) to the user's home directory. It is not force-included (always:false) and does not request elevated system privileges, but persistence of session cookies/localStorage increases the sensitivity of what is stored locally and the blast radius if the skill were compromised.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install neo-stealth-browser - 安装完成后,直接呼叫该 Skill 的名称或使用
/neo-stealth-browser触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
Fix Chrome requirement in requires.bins, setup.sh references ghost-browser consistently, extension renamed to cdp-input-fix, removed old stealth-browser CLI wrapper
v1.0.3
Fix Chrome requirement in requires.bins, setup.sh references ghost-browser consistently, extension renamed from turnstile-patch to cdp-input-fix, removed old stealth-browser CLI wrapper
v1.0.2
Fix Chrome requirement, naming consistency, extension rename
v1.0.1
Removed mcporter.json auto-modification for security
v1.0.0
Initial release — undetected Chrome browser with LLM-optimized commands, bypasses Cloudflare/DataDome/hCaptcha
元数据
常见问题
Ghost Browser 是什么?
Automated Chrome browser using nodriver for AI agent web tasks. Full CLI control with LLM-optimized commands — text-based interaction, markdown output, sessi... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 514 次。
如何安装 Ghost Browser?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install neo-stealth-browser」即可一键安装,无需额外配置。
Ghost Browser 是免费的吗?
是的,Ghost Browser 完全免费(开源免费),可自由下载、安装和使用。
Ghost Browser 支持哪些平台?
Ghost Browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ghost Browser?
由 Neo The Lobster(@neothelobster)开发并维护,当前版本 v1.0.4。
推荐 Skills