← 返回 Skills 市场
1485
总下载
7
收藏
10
当前安装
1
版本数
在 OpenClaw 中安装
/install opencli-tool
功能描述
使用 OpenCLI 工具从各种网站和桌面应用获取数据、下载媒体内容、控制外部 CLI 工具。支持 Bilibili、知乎、小红书、Twitter/X、Reddit、YouTube、Boss直聘、即刻、微博等 30+ 平台,以及 Cursor、Codex、ChatGPT、Notion 等桌面应用。当用户需要:从社...
安全使用建议
This skill appears to be what it says, but pay attention to a few important points before installing:
- Manifest mismatch: the registry metadata claims no required binaries/env, yet SKILL.md requires Node >= 20, Chrome running, a Browser Bridge extension, and optionally yt-dlp and other CLIs. Treat the listed install steps as mandatory.
- Sensitive local access: the tool reuses Chrome login sessions and talks to a local daemon (localhost:19825). That means the installed extension/daemon can access cookies, logged-in accounts, and local app state. Only proceed if you trust the package and extension.
- Third-party code risk: you must run `npm install -g @jackwener/opencli` and install an extension downloaded from GitHub Releases (and enable developer mode). Review the GitHub repo and NPM package owner, read the extension code or releases, and prefer official/reputable sources.
- Limit exposure: consider using a dedicated browser profile or secondary OS user for scraping tasks, avoid using sensitive accounts when the extension has access, and inspect network activity if possible.
- If you need higher assurance: review the opencli source code (repo and npm package), verify the Browser Bridge release checksum, and check what data the extension/daemon sends over the network.
Given the metadata omissions and the sensitive nature of browser session reuse, proceed with caution; if you cannot audit the external package and extension, consider alternatives or limit the accounts used with this tool.
功能分析
Type: OpenClaw Skill
Name: opencli-tool
Version: 1.0.0
The skill integrates the 'opencli' tool, which provides an AI agent with high-privilege access to logged-in browser sessions (via a custom Chrome extension), desktop applications (Cursor, Notion, Discord), and system-level CLI tools (Docker, Kubectl). While these capabilities are aligned with the tool's stated purpose of automation and data extraction, the broad access to sensitive personal data, session cookies, and local system commands represents a significant security risk. The skill encourages the installation of a global NPM package (@jackwener/opencli) and a manual Chrome extension to facilitate this access, as detailed in SKILL.md.
能力评估
Purpose & Capability
The SKILL.md describes exactly the advertised capabilities (web scraping via browser bridge, desktop app control, external CLI passthrough, media download). However the registry metadata declares no required binaries or env vars while the instructions clearly require Node.js >= 20, Chrome running, a Browser Bridge extension, and optionally yt-dlp and other CLIs (gh, docker, kubectl). That omission is an incoherence: the skill will need local binaries and browser access even though the manifest lists none.
Instruction Scope
Instructions direct the agent to reuse Chrome's login state via a Browser Bridge extension and to talk to a local daemon (localhost:19825). Reusing browser sessions and controlling desktop apps/CLIs gives the tool access to logged-in accounts, cookies, and local resources — this is functionally necessary for the described features but is sensitive. The SKILL.md does not place explicit limits on which accounts/sites or what data may be accessed, so the agent (via the installed tool/extension) could obtain broad local/session data.
Install Mechanism
There is no formal install spec in the registry, but the SKILL.md instructs the user to run `npm install -g @jackwener/opencli` and to download a Browser Bridge extension from a GitHub Releases page. Installing an npm package and a browser extension is a common install method but carries moderate risk: the package and extension are third‑party code you must trust. The instructions also ask to enable developer mode for the extension, which increases risk if the extension source is not verified.
Credentials
The manifest lists no required environment variables or credentials, which aligns with using browser sessions rather than API keys. However, the tool implicitly relies on sensitive local state (Chrome logged-in sessions, desktop app states, local daemon). Those are effectively credentials (session cookies, tokens). The skill does not request explicit API keys, but it does request access to local session data — a proportional capability for the described features but sensitive and should be considered before enabling.
Persistence & Privilege
The skill is instruction-only, always:false, and does not request permanent platform presence or modify other skills. No evidence it escalates privilege in the registry metadata.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install opencli-tool - 安装完成后,直接呼叫该 Skill 的名称或使用
/opencli-tool触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release - 支持 30+ 平台和桌面应用的 CLI 工具集成
元数据
常见问题
OpenCLI Tool Integration 是什么?
使用 OpenCLI 工具从各种网站和桌面应用获取数据、下载媒体内容、控制外部 CLI 工具。支持 Bilibili、知乎、小红书、Twitter/X、Reddit、YouTube、Boss直聘、即刻、微博等 30+ 平台,以及 Cursor、Codex、ChatGPT、Notion 等桌面应用。当用户需要:从社... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1485 次。
如何安装 OpenCLI Tool Integration?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install opencli-tool」即可一键安装,无需额外配置。
OpenCLI Tool Integration 是免费的吗?
是的,OpenCLI Tool Integration 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenCLI Tool Integration 支持哪些平台?
OpenCLI Tool Integration 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenCLI Tool Integration?
由 Wike-CHI(@wike-chi)开发并维护,当前版本 v1.0.0。
推荐 Skills