← 返回 Skills 市场

OpenWeb

Name: OpenWeb
Author: imoonkey

作者 imoonkey · GitHub ↗ · v0.1.5 · MIT-0

cross-platform ✓ 安全检测通过

162

总下载

当前安装

版本数

在 OpenClaw 中安装

/install openweb

功能描述

Typed JSON access to 90+ real websites — Google, Amazon, Reddit, YouTube, GitHub, Instagram, Bloomberg, Zillow, and more — across search, shopping, travel, f...

安全使用建议

This skill is coherent with its stated purpose (a CLI that drives a browser to read and interact with many websites), but it operates at a high privilege level: it expects to control a managed Chrome session, read cookies/localStorage/window globals, and can perform write actions on sites as your logged-in user. Before installing or enabling: - Inspect the npm package and upstream repository (https://github.com/openweb-org/openweb and https://getopenweb.com). Confirm the publisher and review recent code or package contents if possible. - Review $OPENWEB_HOME/config.json after installation before running: check for any surprising settings or embedded secrets, and keep this directory isolated (use a directory dedicated to openweb). - Consider running the CLI in a disposable environment or with an isolated browser profile (not your primary browser or profile) so captures and token reads don't touch your main sessions. - Treat write operations with caution: the docs say writes should prompt; keep an eye out for prompts and audit any agent actions that perform mutations. Avoid giving the agent blanket consent to run writes autonomously. - If you cannot audit the npm package source, avoid installing it on sensitive systems or provide it only to low-privilege test environments. If you want, I can: (1) list concrete checks to run on the npm package before install, (2) suggest a safe runtime setup (isolated Chrome profile, limited OPENWEB_HOME), or (3) help craft a minimal config.json template that avoids storing secrets.

功能分析

Type: OpenClaw Skill Name: openweb Version: 0.1.5 The `openweb` skill bundle is a comprehensive web automation framework designed to allow AI agents to interact with over 90 websites using a user's local authenticated browser session. It provides a structured environment for site discovery, traffic capture, and API curation, utilizing a clear permission model (`read`, `write`, `delete`, `transact`) to manage risks associated with state-changing actions. While the skill possesses broad capabilities to access sensitive data (such as DMs or profile information), these are strictly aligned with its stated purpose of bridging CLI and web interfaces, and the documentation includes explicit privacy assurances (no telemetry/exfiltration) and safety guidelines for developers (e.g., in `references/cli.md` and `add-site/guide.md`).

能力标签

cryptorequires-walletcan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials

能力评估

✓ Purpose & Capability

Name/description (typed JSON access to many websites) aligns with what the skill requests: a local 'openweb' CLI, an OPENWEB_HOME config, and per-site packages. The Node install spec (@openweb-org/openweb) and the CLI binary requirement are proportionate to the stated purpose.

ℹ Instruction Scope

SKILL.md instructs the agent to control a managed browser (CDP), read browser state (cookies, localStorage, window globals), inject tokens into page.evaluate(fetch(...)), capture HARs, and run read/write operations. These behaviors are expected for a site automation/adapter tool, but they are sensitive: the instructions explicitly describe extracting auth tokens and performing write actions (likes, follows, posts). The doc does include safety guidance (permission tiers, prompting for writes), but the agent will have access to browser sessions and can perform actions as the logged-in user if allowed.

ℹ Install Mechanism

Install is via npm package @openweb-org/openweb which produces the 'openweb' binary — a plausible and expected mechanism. NPM installs are a moderate risk compared to instruction-only skills because arbitrary code will be installed; verify the package source (repository, maintainer) before installing.

ℹ Credentials

Requires OPENWEB_HOME and a config file $OPENWEB_HOME/config.json, which is reasonable for a tool that needs site configs and permission settings. However, the config and the runtime browser access are sensitive: config.json may contain permission flags/overrides and the runtime will access cookies/localStorage and possibly secrets in your browser profile. No unrelated cloud credentials are requested, which is good.

✓ Persistence & Privilege

The skill is not 'always:true' and is user-invocable; autonomous invocation is allowed by platform default but not flagged here. The skill's runtime behavior does not request to modify other skills or system-wide agent settings. Normal install behavior (writing binaries) is declared in the npm install spec.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install openweb
安装完成后，直接呼叫该 Skill 的名称或使用 /openweb 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.1.6

v0.1.6 — security/transparency hardening: removed SessionStart auto-install hook; added Trust & Side Effects section to README; symmetric --uninstall now removes the global CLI; cleaned up plugin metadata.

v0.1.5

Add scope note to bot-detection.md clarifying legitimate site interoperability for the logged-in user (not access-control circumvention). Equivalent technical content appears in playwright, puppeteer-extra-plugin-stealth, patchright, yt-dlp.

v0.1.4

openweb 0.1.4 - Updated description to highlight typed JSON access to 90+ major websites, including new categories and operations (search, post, DMs, etc.). - Added license, compatibility, and metadata fields, including install instructions and project links. - Noted CLI requirements and key environment/config variables for runtime. - No code or file structure changes detected; documentation improvements only.

v0.1.3

**Agent-native way to access any website.** **Bridging agent CLI and web GUI through API.** Browser automation clicks buttons, reads pixels, and burns tokens. OpenWeb calls the same APIs the website calls. - **Fast, cheap, and token-efficient** — No screenshots, no vision API, no LLM-powered parsing. JSON in, JSON out. - **Minimal effort per operation** — Direct HTTP when it works, browser-backed fetch when the site requires it, and code adapters for maximal flexibility. The right transport per site, automatically — the caller never chooses or cares. - **Predictable, typed API** — Typed params, response schemas, and examples for every operation. - **Auth that just works** — Cookies, JWT, CSRF, request signing, exchange chains — auto-resolved per request. You never touch tokens. - **Safe by default** — Read, write, delete, and transact operations gated by permission tiers. SSRF protection on every request. - **Any site, any time** — 90+ sites out of the box across social, commerce, content, travel, finance, and more. Not listed? [Add it](#discover).

元数据

Slug openweb

版本 0.1.5

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

OpenWeb 是什么？

Typed JSON access to 90+ real websites — Google, Amazon, Reddit, YouTube, GitHub, Instagram, Bloomberg, Zillow, and more — across search, shopping, travel, f... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 162 次。

如何安装 OpenWeb？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install openweb」即可一键安装，无需额外配置。

OpenWeb 是免费的吗？

是的，OpenWeb 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

OpenWeb 支持哪些平台？

OpenWeb 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 OpenWeb？

由 imoonkey（@imoonkey）开发并维护，当前版本 v0.1.5。