← 返回 Skills 市场
904
总下载
0
收藏
16
当前安装
1
版本数
在 OpenClaw 中安装
/install page-agent
功能描述
Enhanced browser DOM manipulation using PageAgent's page-controller. Injects into any web page to provide precise DOM extraction, interactive element detecti...
安全使用建议
This skill appears to do what it says (inject PageAgent/PageController into pages) but exercise caution before installing or running it. Practical points to check before use: 1) The SKILL.md and scripts assume you can run 'node' and bash and access a local CDP endpoint (default http://127.0.0.1:18800) — the registry metadata did not declare these required binaries or Node modules (e.g., 'ws'), so ensure your environment meets these requirements. 2) The injected API exposes execJS and can read and manipulate any page DOM — only run it against pages you control or in an isolated browser profile; do not use it on sites containing sensitive data unless you trust the skill. 3) Review the bundled JS yourself (or run in a disposable environment) because arbitrary JS will be evaluated in target pages. 4) Prefer the provided isolated profile option (profile="openclaw") and avoid exposing the CDP endpoint to untrusted networks. If you want to proceed, ask the publisher to update metadata to list Node and any required modules/binaries so requirements are explicit.
功能分析
Type: OpenClaw Skill
Name: page-agent
Version: 1.0.0
The skill provides high-privilege browser automation capabilities by injecting code via the Chrome DevTools Protocol (CDP) and exposing an arbitrary JavaScript execution interface. Specifically, `scripts/page-controller.js` uses `eval()` to implement its `executeJavascript` function, and `scripts/inject-cdp.mjs` facilitates the injection of arbitrary logic into browser targets. While these features align with the stated purpose of 'enhanced DOM manipulation' and appear to be based on the legitimate 'alibaba/page-agent' library, the lack of input sanitization and the inclusion of RCE-capable primitives pose a significant security risk if the agent is manipulated. No evidence of intentional data exfiltration or backdoors was found.
能力评估
Purpose & Capability
The name/description and included files align: the skill injects PageController into pages and exposes a window.__PA__ API for precise DOM operations. However the SKILL.md and files expect you to run Node/Bash scripts (node, bash, and a Node WebSocket module like 'ws' or Node 22+ global WebSocket) and to talk to a local CDP endpoint, but registry metadata declares no required binaries/dependencies. The missing declaration for required runtime tools (node, possibly npm modules) and the implicit need for a local CDP endpoint (default 127.0.0.1:18800) is an incoherence that affects install/run expectations.
Instruction Scope
Runtime instructions are consistent with the stated purpose: inject library via CDP, call getState(), click/input/select/scroll, re-read state. The API includes execJS(script) which enables executing arbitrary JavaScript inside the target page — this is expected for a page-manipulation tool but also means the agent (or any user following the instructions) can read any page DOM, including sensitive logged-in content, and run scripts that could exfiltrate data if misused. The SKILL.md does not instruct or attempt to exfiltrate externally, which is appropriate, but the capability itself is powerful and should be used only on pages you trust or in isolated profiles as suggested.
Install Mechanism
There is no install spec (instruction-only) and the code files are bundled with the skill. That is consistent with an instruction-first skill. The inject scripts run at user invocation; nothing in the install spec downloads code from remote URLs or writes installers to disk automatically.
Credentials
The skill requests no environment variables or credentials, and the bundled code does not itself reference external API keys. The only environmental requirement implicit in the scripts is access to a local CDP endpoint (defaulting to http://127.0.0.1:18800) and a working Node runtime (and possibly the 'ws' module). Those are reasonable for a browser-injection tool but should have been declared.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills/config. It injects into pages only when you run the provided injection commands; no autonomous or always-on privilege escalation is apparent.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install page-agent - 安装完成后,直接呼叫该 Skill 的名称或使用
/page-agent触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Alibaba PageAgent v1.5.6 DOM manipulation skill with CDP injection, cursor:pointer heuristic, React-compatible input, full event chain simulation
元数据
常见问题
PageAgent Browser Enhancement 是什么?
Enhanced browser DOM manipulation using PageAgent's page-controller. Injects into any web page to provide precise DOM extraction, interactive element detecti... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 904 次。
如何安装 PageAgent Browser Enhancement?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install page-agent」即可一键安装,无需额外配置。
PageAgent Browser Enhancement 是免费的吗?
是的,PageAgent Browser Enhancement 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
PageAgent Browser Enhancement 支持哪些平台?
PageAgent Browser Enhancement 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 PageAgent Browser Enhancement?
由 DongDong(@dongdongbear)开发并维护,当前版本 v1.0.0。
推荐 Skills