← 返回 Skills 市场
901
总下载
1
收藏
8
当前安装
1
版本数
在 OpenClaw 中安装
/install pinchtab-skills
功能描述
通过 PinchTab HTTP API 控制无头或有头 Chrome 浏览器,用于网页自动化、爬虫、表单填充、导航、截图和数据提取
安全使用建议
This skill is coherent with its stated purpose, but you must make operational choices carefully: 1) Do not point BRIDGE_PROFILE at your everyday Chrome profile — create and use an empty dedicated profile to avoid exposing saved logins. 2) Keep BRIDGE_BIND=127.0.0.1 and set BRIDGE_TOKEN if the service is reachable from any network; if you must bind publicly, restrict access with firewall rules. 3) Avoid disabling the Chrome sandbox (BRIDGE_NO_SANDBOX) unless you understand the risk. 4) There is no packaged installer or bundled binary — verify and obtain the pinchtab executable from a trusted source before running. 5) If you plan to allow an autonomous agent to call this API, consider limiting its permissions and monitoring requests/logs. If you want a deeper assessment, provide the pinchtab binary source or a release URL so I can evaluate install provenance and the binary itself.
功能分析
Type: OpenClaw Skill
Name: pinchtab-skills
Version: 1.0.0
The 'pinchtab' skill provides a browser automation framework via an HTTP API, allowing an AI agent to navigate, interact with elements, and extract data from web pages. It includes detailed security documentation (TRUST.md) advising on the use of dedicated profiles and authentication tokens to mitigate risks. No evidence of malicious intent, data exfiltration, or prompt injection was found; the high-risk capabilities (like JavaScript execution via the /eval endpoint) are standard for its stated purpose of web automation.
能力评估
Purpose & Capability
Name/description claim a local HTTP API to control Chrome; all included docs and examples show use of a local pinchtab binary and a local HTTP API on port 9867. The declared requirements are minimal (no env vars required by the registry), which matches the instruction-only nature of the skill. Nothing in the docs asks for unrelated services or secrets.
Instruction Scope
SKILL.md instructs the agent to start and call a local pinchtab process and to interact with its HTTP endpoints (navigate, snapshot, action, etc.). This stays within the stated browser-automation scope. Important caveat: the docs explicitly note that if you point PinchTab at a Chrome profile containing saved logins/cookies, the agent (and any callers of the API) can access authenticated sites. The instructions also encourage binding and tokens, which is good, but they implicitly permit disabling Chrome sandbox (BRIDGE_NO_SANDBOX) and changing bind address — both are powerful options that increase risk if misused.
Install Mechanism
There is no install spec — lowest-risk delivery in that nothing is written by the skill package itself. However, that means the skill expects an external 'pinchtab' binary already present; obtaining and verifying that binary is the user's responsibility. The documentation does not include a trusted download/source or release host; verify the origin of the pinchtab binary before running.
Credentials
The skill does not require unrelated secrets. Documented environment variables (BRIDGE_BIND, BRIDGE_PORT, BRIDGE_TOKEN, BRIDGE_PROFILE, BRIDGE_BLOCK_IMAGES, etc.) are relevant to its function. Two environment-related concerns to be aware of: (1) BRIDGE_PROFILE can give the process access to cookies/saved passwords if you point it at your daily Chrome profile; (2) BRIDGE_BIND set to 0.0.0.0 or omitting BRIDGE_TOKEN exposes the API to the network. The docs call these out, which is appropriate.
Persistence & Privilege
The skill is instruction-only and not always-enabled; it does not request persistent elevated platform privileges, nor does it modify other skills or global agent configuration. Autonomous invocation is allowed (platform default), which is expected for a skill that will make local HTTP calls; this increases blast radius only if you run the pinchtab service with an unsafe configuration (public bind, no token, or shared profile).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pinchtab-skills - 安装完成后,直接呼叫该 Skill 的名称或使用
/pinchtab-skills触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of pinchtab-skills 1.0.0:
- Introduces browser automation via the PinchTab HTTP API for navigation, crawling, form-filling, screenshots, and data extraction on local headless or GUI Chrome.
- Provides detailed CLI and HTTP API examples for interacting with web pages programmatically.
- Includes security guidance & best practices for running PinchTab safely and efficiently.
- Offers workflow samples, token optimization strategies, and multi-tab session handling.
- Documents all core commands, API endpoints, usage patterns, and environment variables.
元数据
常见问题
pinchtab-skill 是什么?
通过 PinchTab HTTP API 控制无头或有头 Chrome 浏览器,用于网页自动化、爬虫、表单填充、导航、截图和数据提取. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 901 次。
如何安装 pinchtab-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pinchtab-skills」即可一键安装,无需额外配置。
pinchtab-skill 是免费的吗?
是的,pinchtab-skill 完全免费(开源免费),可自由下载、安装和使用。
pinchtab-skill 支持哪些平台?
pinchtab-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 pinchtab-skill?
由 张贝(@hellotombruce)开发并维护,当前版本 v1.0.0。
推荐 Skills