← 返回 Skills 市场
laziobird

OpenClaw RPA

作者 laziobird · GitHub ↗ · v1.3.0 · MIT-0
darwinlinux ⚠ suspicious
387
总下载
1
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install openclaw-rpa
功能描述
Record browser, Excel, Word & API actions once — replay without the LLM: faster, cheaper, no hallucinations. github.com/laziobird/openclaw-rpa . Supports com...
安全使用建议
This skill is an RPA recorder/replayer and its code and docs largely match that purpose, but there are two things to watch carefully before installing or running it: (1) it saves login cookies to ~/.openclaw/rpa/sessions/<domain>/cookies.json — these are session credentials that let scripts access sites as your logged-in user, so only keep them if you trust the host and secure the files (restrict permissions, don't check into git); (2) its API-recording flow explicitly supports writing provided API keys directly into the generated .py scripts (plain text). Avoid using the `env`-with-value feature or embedding secrets in chat; prefer letting generated scripts reference environment variables at runtime (os.environ.get) or keep secrets in a protected secrets manager. Additional recommendations: review recorder_server.py and rpa_manager.py for any network uploads before use, run the tool in an isolated environment (VM) if you want to test, ensure the install script's effects (venv creation, playwright installing Chromium) are acceptable, and audit any generated scripts before executing them. If you want to proceed, remove or modify behaviors that auto-embed credentials and consider encrypting/storing cookies securely rather than leaving them as plain JSON in your home directory.
功能分析
Type: OpenClaw Skill Name: openclaw-rpa Version: 1.3.0 The skill is an RPA framework that records browser and file actions to generate standalone Playwright Python scripts. It contains high-risk capabilities, specifically the 'python_snippet' feature in 'recorder_server.py' which uses 'exec()' to run arbitrary Python code provided by the agent for validation. Additionally, 'rpa_manager.py' uses 'subprocess.run' to execute the generated scripts. While these features are aligned with the tool's stated purpose as an automation 'compiler,' they create a significant attack surface for Remote Code Execution (RCE) if the AI agent is manipulated via prompt injection. No evidence of intentional malice, such as hardcoded data exfiltration or backdoors, was found in the code logic.
能力标签
cryptocan-make-purchasesrequires-sensitive-credentials
能力评估
Purpose & Capability
The code and documentation align with the stated RPA purpose: Playwright-based browser recording, httpx API calls, openpyxl and python-docx file operations, cookie/session saving for auto-login, and generation of standalone Playwright Python scripts. The listed Python dependencies and templates match what the skill says it does.
Instruction Scope
The runtime instructions (SKILL.md and locale docs) instruct the agent to read/write local files (rpa/*.py, registry.json) and to save cookies under ~/.openclaw/rpa/sessions/<domain>/cookies.json. Critically, the api_call docs explicitly describe an `env` mechanism that will cause a provided secret to be written directly into the generated script (embedding credentials into disked .py files). That expands scope beyond pure automation into persistent secret storage on disk and long-lived session artifacts; callers may not expect this side effect.
Install Mechanism
No platform install spec is declared in the registry (instruction-only), but the repo includes an install script (scripts/install.sh) and requirements.txt that suggest creating a venv and running `playwright install chromium`. If a user or operator follows the included install instructions, Chromium binaries will be installed and a Python venv created. The absence of an automated install spec is lower automatic-risk but means manual install will perform significant local changes.
Credentials
The registry declares no required env vars, yet the skill supports an explicit mechanism to take secrets (via `__ENV:VAR__` + `env` in record-step) and write their values into generated scripts. That is disproportionate to a simple 'help me automate' skill because it causes secrets to be persisted in plain text in produced artifacts without any declaration of required credentials. The skill also persists session cookies (potentially sensitive) to the user's home directory. These persistent secret/session behaviors should be explicitly documented and surfaced to the user before installation/use.
Persistence & Privilege
The skill writes generated scripts (rpa/*.py), updates a local registry.json, and stores cookies under ~/.openclaw/rpa/sessions. This persistence is expected for an RPA recorder, but combined with the automatic embedding of API keys and saved cookies it increases the blast radius: artifacts on disk can be reused externally. The skill does not request 'always: true' nor declare cross-skill/system-wide config modification, which is good.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install openclaw-rpa
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /openclaw-rpa 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.3.0
openclaw-rpa 1.2.1 - Added two new real-world scenario articles: Amazon Best Sellers Scraper and Airbnb Competitor Price Tracker. - Featured both new scenarios in a prominently listed, ready-to-run case gallery within the main documentation. - Made registered sample scripts easier to discover and launch via clear #rpa-list and #rpa-run instructions.
v1.2.0
openclaw-rpa 1.2.0 - Added multi-language promotion files (PROMOTION.en-US.md, PROMOTION.zh-CN.md). - Added advanced usage guides and user documentation (articles/advanced-setup.md and .zh-CN, api-call-guide.md and .zh-CN, scenario-airbnb-compare.md). - Introduced locale configuration file (config.json) for dynamic language and instruction management. - Added vision model testing script (scripts/test_vision_qwen_vl.py). - No breaking changes to the locale routing or task protocol.
v1.1.0
openclaw-rpa 1.1.0 introduces major capability expansion for RPA flows (browser, Excel, Word, HTTP API) and a simpler, more flexible skill router. - Added HTTP API automation (httpx GET/POST, key embedding, standalone API flows) - Added native Excel (.xlsx, openpyxl) and Word (.docx, python-docx) automation, no MS Office required - Added auto-login system (#rpa-login, #rpa-autologin) for cookie reuse, skipping login/OTP on replay - Added scenario and tutorial articles (AP reconciliation, auto-login, Python snippets) - Expanded triggers and documentation for new automation modes - Removed old sample scripts and unused shell/batch files for a cleaner repo
v1.0.4
- Added "Output," "Scope," and "Recommended sites" sections to clarify what the skill generates, supported browser/file actions, and suitable/unsuitable websites. - Expanded onboarding to help users understand which flows work best and set expectations. - No code or protocol changes; this update is for clearer documentation and guidance.
v1.0.3
- Added new RPA scripts: `rpa/yahoonew.py` and `rpa/获取豆瓣电影数据.py`. - Removed old scripts: `rpa/wikipedia.py` and `rpa/豆瓣电影v6.py`. - Updated documentation with notes on progressive probing and selector strength in the locale file section.
v1.0.2
- Updated skill description for clarity and conciseness. - Reworded main feature line to better highlight replay without LLM. - No code or functional changes; documentation update only.
v1.0.1
- Expanded `SKILL.md` with practical usage examples and a clearer explanation of what the skill does. - Updated the description to emphasize cost savings and determinism of Playwright replay vs. LLM-driven automation. - Added a quick start section for new users. - Retained bilingual trigger and locale-switching instructions. - Clearly separates the routing/overview role of SKILL.md from the in-depth protocol in locale files. - Included GitHub repo link and sample use cases for easier discovery.
v1.0.0
- Initial release of openclaw-rpa. - Supports AI-assisted recording of browser and local-file actions into Playwright Python scripts. - Deterministic script replay without LLM to save compute and ensure reliable automation. - Locale-based routing: loads instructions and replies in Simplified Chinese or English according to config. - Easy language switching via config file or provided scripts. - Provides commands for recording, listing, and running automation tasks.
元数据
Slug openclaw-rpa
版本 1.3.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 8
常见问题

OpenClaw RPA 是什么?

Record browser, Excel, Word & API actions once — replay without the LLM: faster, cheaper, no hallucinations. github.com/laziobird/openclaw-rpa . Supports com... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 387 次。

如何安装 OpenClaw RPA?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-rpa」即可一键安装,无需额外配置。

OpenClaw RPA 是免费的吗?

是的,OpenClaw RPA 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

OpenClaw RPA 支持哪些平台?

OpenClaw RPA 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin, linux)。

谁开发了 OpenClaw RPA?

由 laziobird(@laziobird)开发并维护,当前版本 v1.3.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论