← 返回 Skills 市场
Openclaw Web Automation
作者
Marcos Athanasoulis
· GitHub ↗
· v1.0.7
965
总下载
2
收藏
0
当前安装
8
版本数
在 OpenClaw 中安装
/install openclaw-web-automation
功能描述
Automates web interactions for public site checks or authenticated flows with credential references and optional iMessage notifications.
安全使用建议
This skill is coherent with a web-automation purpose, but exercise caution before installing or running it:
- Audit and run in an isolated environment: `pip install -e .` can execute project build hooks and will import local code. Use a disposable virtualenv or container before trusting it on a workstation with sensitive data.
- Inspect the full OpenClaw Automation Kit code (especially openclaw_automation.cli, AutomationEngine, and parse_query_to_run) before use — the runner delegates runtime behavior to those modules and they could run arbitrary scripts or access local files.
- Be aware of repo-root discovery: the script searches the current working directory and parents for a manifest; running it from an unexpected directory could cause it to pick up and execute a different automation repo.
- Network access is unrestricted (network_domains: ["*"]). If you need strict boundaries, run the skill in a network-restricted sandbox.
- Do not provide credentials to this skill: although SKILL.md says no credentials are required, nothing in the code enforces that at runtime. If you need login-required checks, obtain a clearly scoped skill that explicitly requires and documents those credentials.
If you want to proceed safely: review the automation package source code, run the skill only in a sandboxed environment, and set OPENCLAW_AUTOMATION_ROOT explicitly to the intended repository path before invoking.
功能分析
Type: OpenClaw Skill
Name: openclaw-web-automation
Version: 1.0.7
The skill bundle is classified as benign. The `SKILL.md` instructions do not contain any prompt injection attempts, and the `scripts/run_query.py` script safely handles user input by passing arguments as a list to `subprocess.run`, preventing shell injection. The `runner.py` entrypoint delegates core functionality to the `openclaw_automation` library, which is a standard practice for platform skills. While `manifest.json` grants broad `network_domains: ["*"]` permissions, this is necessary for its stated purpose of "public-site automation" against arbitrary websites, and there is no code within the provided files that indicates an intent to misuse this permission for data exfiltration or other malicious activities.
能力评估
Purpose & Capability
Name/description match the included runner and scripts: they invoke a local OpenClaw Automation Kit to fetch and analyze public pages. However the SKILL.md requires `pip install -e .` and a local repo root — heavier privileges than the name implies. Asking users to install the whole package locally and allowing arbitrary repo roots is more capability than a simple 'public-site checker' suggests.
Instruction Scope
SKILL.md restricts use to public sites and no credentials, but the runtime flow delegates work to openclaw_automation.cli / AutomationEngine, which are not included here. The skill will run whatever scripts the automation kit resolves to (script_dir derived from the parsed query). Nothing in the code enforces the 'no credentials' rule or prevents the automation kit from running additional commands, reading files, or contacting arbitrary endpoints.
Install Mechanism
There is no formal install spec, but SKILL.md instructs users to run `pip install -e .`. Editable installs run local package build hooks and make code importable system-wide — a high-risk step if you haven't audited the repository. The skill itself does not provide a vetted remote distribution or reproducible install; that increases the chance of executing unreviewed code during install or runtime.
Credentials
The skill declares no required env vars, which aligns with the 'no credentials' claim. The runner scripts will honor an optional OPENCLAW_AUTOMATION_ROOT if set (used to locate the repo). The manifest grants network_domains: ["*"], permitting outbound requests to any domain — reasonable for web automation but broader than the SKILL.md's 'public websites only' promise and therefore worth noting.
Persistence & Privilege
always is false and the skill does not request platform-level persistence. It runs in a stateless execution model and is user-invocable, which is appropriate.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install openclaw-web-automation - 安装完成后,直接呼叫该 Skill 的名称或使用
/openclaw-web-automation触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.7
Refresh smoke coverage and examples (weather, website status, calculator)
v1.0.6
Security/docs hardening: explicit trust boundary, source pinning guidance, safe defaults, and data-flow notes
v1.0.5
Update skill description for CAPTCHA, 2FA orchestration, and task-completion notifications
v1.0.4
DX improvements: setup.json preflight metadata, doctor command, and retry/backoff
v1.0.3
Credential handling hardening: stdin refs support and clearer trust-boundary docs
v1.0.2
Security hardening: safer credential refs via file/env options and clearer safety docs
v1.0.1
Docs accuracy update and packaging refresh
v1.0.0
Unified skill for basic and advanced browser automation
元数据
常见问题
Openclaw Web Automation 是什么?
Automates web interactions for public site checks or authenticated flows with credential references and optional iMessage notifications. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 965 次。
如何安装 Openclaw Web Automation?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install openclaw-web-automation」即可一键安装,无需额外配置。
Openclaw Web Automation 是免费的吗?
是的,Openclaw Web Automation 完全免费(开源免费),可自由下载、安装和使用。
Openclaw Web Automation 支持哪些平台?
Openclaw Web Automation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Openclaw Web Automation?
由 Marcos Athanasoulis(@marcosathanasoulis)开发并维护,当前版本 v1.0.7。
推荐 Skills