← 返回 Skills 市场
OpenCLI Universal CLI Hub
作者
zengbao yu
· GitHub ↗
· v1.0.0
· MIT-0
153
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install opencli-yuzengbao
功能描述
OpenCLI — 通用 CLI Hub,将任何网站、Electron 应用或本地工具转化为命令行接口。66+ 内置命令,支持 Bilibili/Twitter/Reddit/Xiaohongshu/GitHub 等。复用 Chrome 登录态,零 LLM 成本,确定性输出。
安全使用建议
This skill is coherent with its purpose but uses sensitive capabilities. Before installing: (1) review the npm package source code and author (@jackwener) and prefer reproducible release artifacts or pinned versions; (2) verify the Browser Bridge extension release artifacts (release URL, checksums) and inspect requested extension permissions; (3) consider running the CLI and extension inside an isolated environment (VM/container) or test account, not against your primary Chrome profile or important accounts; (4) confirm what the local daemon exposes (which endpoints, whether it listens only on localhost, and whether it accepts remote requests); (5) avoid granting it access to accounts with high privileges until you can audit network traffic and code; (6) if you need to proceed, track how to uninstall the npm package and remove the extension/daemon. These steps reduce risk of credentials or sensitive browsing data being exfiltrated.
功能分析
Type: OpenClaw Skill
Name: opencli-yuzengbao
Version: 1.0.0
The opencli skill installs a global NPM package (@jackwener/opencli) and requires the manual installation of a 'Browser Bridge' Chrome extension from a ZIP file to 'reuse Chrome login state.' This architecture is designed to allow CLI access to authenticated web sessions (Bilibili, Twitter, GitHub, etc.), which is a high-risk capability that could be used for data exfiltration. While the documentation in SKILL.md describes it as a productivity tool for API discovery and CLI automation, the requirement to bypass the Chrome Web Store and the inherent access to sensitive session data via a local daemon (localhost:19825) warrant a suspicious classification.
能力评估
Purpose & Capability
Name/description match the behavior: converting websites/Electron apps/local tools to CLI reasonably requires Node, a daemon, and a browser bridge. Requiring node and asking to install opencli via npm is proportionate to the stated purpose. However the description's claim of "Zero risk, Reuse Chrome login" downplays the real security implications of reusing browser auth and installing a browser extension.
Instruction Scope
The SKILL.md instructs installing a global npm package, loading a Browser Bridge extension into Chrome, reusing Chrome login state, using browser_navigate/browser_network_requests/browser_evaluate and intercept techniques, and running a local daemon (port 19825). Those steps expose browser cookies/auth and local services to the tool and to any code the npm package and extension execute. The skill does not explicitly constrain or document how credentials/cookies are handled, what is sent externally, or which endpoints the extension/daemon will contact — leaving room for exfiltration or overbroad data access.
Install Mechanism
No formal install spec in registry, but SKILL.md directs: npm install -g @jackwener/opencli@latest (public npm). Installing a global npm package and a browser extension is common for a CLI+bridge, but both run arbitrary code on the host and get privileged access (global binaries, extension privileges). The SKILL.md also says to download an extension from GitHub Releases (reasonable host) but provides no release URL or checksum to verify integrity.
Credentials
The skill declares no environment variables, but the runtime instructions require access to Chrome login/cookies and local daemon endpoints. Accessing browser authentication and cookies is sensitive and not represented in requires.env or required config paths. The SKILL.md also implies intercepting requests and using credentials:'include' — operations that can access and transmit sensitive tokens/headers.
Persistence & Privilege
The flow installs a global binary, a browser extension, and runs a local daemon — all persistent artifacts. While always:false (not force-enabled), the installed components have lasting presence and privileges (browser extension can persist and a daemon can listen on localhost). The skill does not document least-privilege, opt-in boundaries, or how to uninstall/limit access.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install opencli-yuzengbao - 安装完成后,直接呼叫该 Skill 的名称或使用
/opencli-yuzengbao触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of opencli-yuzengbao (version 1.0.0)
- Provides a universal CLI hub to turn any website, Electron app, or local tool into a CLI command
- Includes 66+ built-in commands with support for popular sites like Bilibili, Twitter, Reddit, Xiaohongshu, and GitHub
- Utilizes Chrome login session for authenticated actions; zero LLM cost and deterministic output
- Supports multiple output formats (JSON, CSV, YAML, Markdown) and command-line integration for AI agents and CLI registration
- Offers quickstart guides, troubleshooting steps, and adapter creation instructions for developers
元数据
常见问题
OpenCLI Universal CLI Hub 是什么?
OpenCLI — 通用 CLI Hub,将任何网站、Electron 应用或本地工具转化为命令行接口。66+ 内置命令,支持 Bilibili/Twitter/Reddit/Xiaohongshu/GitHub 等。复用 Chrome 登录态,零 LLM 成本,确定性输出。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 153 次。
如何安装 OpenCLI Universal CLI Hub?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install opencli-yuzengbao」即可一键安装,无需额外配置。
OpenCLI Universal CLI Hub 是免费的吗?
是的,OpenCLI Universal CLI Hub 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OpenCLI Universal CLI Hub 支持哪些平台?
OpenCLI Universal CLI Hub 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OpenCLI Universal CLI Hub?
由 zengbao yu(@yuzengbaao)开发并维护,当前版本 v1.0.0。
推荐 Skills