← 返回 Skills 市场
435
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install omni-research
功能描述
Multi-source deep research using your own browser. Queries Perplexity, Grok, and Gemini in parallel via CDP — zero API keys, uses your existing subscriptions.
安全使用建议
Before installing or running this skill: 1) Review the code (research.py and browser.py) yourself — the scripts will control your browser via the Chrome DevTools Protocol and can read any page content. 2) Inspect ~/.config/omni-research/config.json after running setup; remove or set cliproxy_url only to a localhost service you control and replace any non-empty cliproxy_key with an empty string unless you intentionally run a local proxy. 3) Note the inconsistency: research.py sets a default cliproxy_key ('magi-proxy-key-2026') while setup.py uses an empty key — verify which value is in your config before use. 4) Run with a disposable browser profile or a browser instance started specifically for this tool (and ensure --remote-debugging-port is bound to localhost only); do NOT enable remote debugging on machines reachable by others. 5) If you do not want any external network calls, avoid using API-only mode (gemini-api) and ensure cliproxy_url is local. 6) If you are not comfortable granting full CDP control to third-party code, do not run it. If you decide to proceed, prefer running the code only after manual review and with conservative local configuration.
功能分析
Type: OpenClaw Skill
Name: omni-research
Version: 1.0.0
The skill utilizes Chrome DevTools Protocol (CDP) to interact with the user's browser, which is a powerful capability that allows extensive control over browser tabs, including JavaScript execution (`eval_js` in `browser.py`). While the `eval_js` calls in this skill use hardcoded JavaScript and user queries are inserted via `Input.insertText` (safer), the inherent power of CDP and `eval_js` presents a significant vulnerability if not handled with extreme care or if the skill were to be modified. Additionally, the `research.py` script feeds extracted text from potentially untrusted websites into a synthesis LLM, creating a risk of indirect prompt injection or 'data poisoning' against the LLM, even though the synthesis prompt itself is designed for summarization. The `cliproxy_url` defaults to localhost, preventing direct external exfiltration by default, but the overall risk profile warrants a 'suspicious' classification due to these powerful and potentially exploitable capabilities.
能力评估
Purpose & Capability
The skill claims to perform multi-source research via the user's browser and the code shows exactly that (CDP control, opening tabs, evaluating JS). Requiring python3 and websockets/httpx is proportional. However the README's 'zero API keys' claim doesn't match the code paths that use a 'cliproxy' API and a 'cliproxy_key' in the default config (research.py sets a non-empty default key), which is an unexplained inconsistency.
Instruction Scope
Runtime instructions and code connect to the user's browser via CDP and execute arbitrary Runtime.evaluate commands in pages (reads DOM, opens/close tabs, types input). That capability is necessary for the stated purpose but is high-privilege because it can access any content in the browser. The skill also reads/writes a user config at ~/.config/omni-research/config.json (which can hold URLs/keys). The SKILL.md doesn't fully surface the cliproxy/api fallback or the hardcoded key, so the agent could send scraped content to the configured proxy if that endpoint is set to an external host.
Install Mechanism
No install spec is provided (instruction/code-runner model), which keeps install risk low, but the package includes Python scripts that will be executed locally. Dependencies are standard (httpx, websockets). Because there is no explicit vetted package/URL, users will run code directly from this repo — they should inspect it before executing.
Credentials
The registry lists no required env vars or credentials, but the code uses a configurable 'cliproxy_url' and 'cliproxy_key' stored in ~/.config/omni-research/config.json. research.py defines a non-empty default 'cliproxy_key' ('magi-proxy-key-2026') while setup.py writes an empty default — an incoherence that could cause unintended use of a key or proxy. The skill can be configured to call arbitrary endpoints, which would allow exfiltration of scraped content if misconfigured.
Persistence & Privilege
The skill does not request 'always: true' or other persistent platform privileges and does not attempt to modify other skills. However, the runtime requires the browser to be started with remote debugging enabled, which grants the local process (this skill) powerful control over the browser and any logged-in sessions — a legitimate need for the feature but a significant privilege that users must accept consciously.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install omni-research - 安装完成后,直接呼叫该 Skill 的名称或使用
/omni-research触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: multi-source browser research via CDP (Perplexity + Grok + Gemini)
元数据
常见问题
Omni Research 是什么?
Multi-source deep research using your own browser. Queries Perplexity, Grok, and Gemini in parallel via CDP — zero API keys, uses your existing subscriptions. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 435 次。
如何安装 Omni Research?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install omni-research」即可一键安装,无需额外配置。
Omni Research 是免费的吗?
是的,Omni Research 完全免费(开源免费),可自由下载、安装和使用。
Omni Research 支持哪些平台?
Omni Research 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Omni Research?
由 lmanchu(@lmanchu)开发并维护,当前版本 v1.0.0。
推荐 Skills