laolaoshiren

Phone Chrome CDP

Author: 老实人 · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 83
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install phone-chrome-cdp
Description
Control Android Chrome via ADB and raw WebSocket CDP. No Playwright needed for navigate, JS injection, cookies, DOM, scroll, click.
Security usage advice
This skill appears to do exactly what it claims, but it grants strong access to the phone's browser: it shows how to run JS in pages and read httpOnly cookies, and it suggests exposing the DevTools port to the LAN. Before using it, consider:
- Only run these instructions on devices and networks you trust. Exposing Chrome DevTools (localhost:9222) to other hosts lets anyone on that network fully control the browser and read sensitive data.
- Prefer keeping the DevTools endpoint bound to localhost and use an authenticated tunnel (SSH/VPN) if remote access is required, instead of opening it directly to the LAN.
- The SKILL.md recommends omitting the Origin header to bypass browser rejection — this is deliberate to connect over ADB but removes a browser protection; be careful when reusing code or adapting it for other environments.
- The steps let you read cookies (including httpOnly) and DOM contents and perform clicks/navigation — treat outputs as sensitive and avoid sending them to untrusted endpoints.
- Because this is instruction-only, the skill itself doesn't install code, but it runs shell commands (adb, curl) and provides Python code you or an agent would execute. Only run the provided code after reviewing and, if possible, running in an isolated environment.

If you want to proceed safely: restrict port forwarding to localhost, avoid direct LAN exposure, require explicit confirmation before any action that forwards ports or reads cookies, and audit any network forwarding tools used for sharing.
Functional analysis
Type: OpenClaw Skill
Name: phone-chrome-cdp
Version: 1.0.0

The skill provides low-level control over Android Chrome via ADB and raw WebSocket communication, specifically bypassing security headers (Origin) to interact with the Chrome DevTools Protocol. It includes high-risk capabilities such as exfiltrating all browser cookies (including httpOnly) and executing arbitrary JavaScript via 'Runtime.evaluate' and 'Network.getAllCookies' in SKILL.md. While these functions are aligned with the stated purpose of mobile browser automation, the combination of ADB shell access and raw socket manipulation for sensitive data access warrants a suspicious classification.
Capability assessment
Purpose & Capability
Name/description (control Chrome on Android via ADB + CDP) match the SKILL.md: it shows adb port forwarding, listing tabs via /json, and a Python CDP client to send CDP commands. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
The instructions stay on-topic (start Chrome via ADB, forward devtools socket, manually implement WebSocket frames, call CDP methods, use adb screencap). However the doc explicitly (1) instructs bypassing browser protections by omitting Origin headers, (2) shows how to read httpOnly cookies and execute arbitrary JS in pages, and (3) encourages exposing localhost:9222 to the LAN via port-forwarding — all of which are legitimate for a CDP tool but are powerful and sensitive operations. The instructions do not include explicit steps to exfiltrate data, but the provided code and commands give full ability to read cookies, DOM, and perform actions, so operator caution is needed.
Install Mechanism
There is no install spec and no code files beyond SKILL.md; the skill is instruction-only. That minimizes filesystem/installation risk because nothing will be written/installed by a package step in the skill bundle itself.
Credentials
The skill does not request environment variables, credentials, or config paths. The operations it performs (adb, local HTTP/WebSocket to Chrome DevTools) do not require additional external credentials declared by the skill, so the lack of requested secrets is proportionate.
Persistence & Privilege
The skill is not always-enabled, does not request persistent presence, and contains no instructions to modify other skills or global agent config. Autonomous invocation is allowed (platform default) but not combined with other privilege escalation requests.
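How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install phone-chrome-cdp
  3. Once installation completes, call the Skill by name or trigger it with /phone-chrome-cdp
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history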
v1.0.0
🎉 Initial release: Control Android Chrome via ADB + raw WebSocket CDP. Zero dependencies.
Metadata
Slug: phone-chrome-cdp
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

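What is Phone Chrome CDP?

Control Android Chrome via ADB and raw WebSocket CDP. No Playwright needed for navigate, JS injection, cookies, DOM, scroll, click. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 83 total downloads so far.

How do I install Phone Chrome CDP?

Run the command "/install phone-chrome-cdp" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Phone Chrome CDP free?

Yes, Phone Chrome CDP is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Phone Chrome CDP support?

Phone Chrome CDP runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Phone Chrome CDP?

Developed and maintained by 老实人 (@laolaoshiren); the current version is v1.0.0.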
