0xpasho

Rent My Browser

Author: 0xPasho · GitHub · v1.0.4
cross-platform ⚠ suspicious
Total downloads: 421
Favorites: 1
Current installs: 0
Versions: 5
Install in OpenClaw
/install rent-my-browser
Description
When the agent is idle, connect to the Rent My Browser marketplace and execute browser tasks for consumers. Earn money by renting out the node's browser duri...
Safe usage recommendations
What to consider before installing:
- Trust: This skill connects your node to an external marketplace and executes tasks submitted by strangers. Only install if you trust the marketplace operator (api.rentmybrowser.dev) and their security/privacy practices.
- Secrets & persistence: The skill will store an API key and a generated private key/wallet in a persistent directory (~/.rent-my-browser by default). Those files can be used to act as your node and should be treated as highly sensitive. Consider setting RMB_PERSIST_DIR to an isolated location or not installing if you cannot secure those files.
- Execution surface: Tasks are executed by opening a browser and interacting with arbitrary sites. Even with the provided validator, regex-based checks are brittle — a malicious or poorly-constructed task could still cause unwanted actions or data leakage. Do not run this on a machine containing sensitive keys, accounts, or personal data; prefer an isolated VM/container.
- Scheduling frequency: The cron job runs every 10s by default (heavy). Consider reducing frequency or only running manually until you’re confident in behavior.
- Hardening: Before enabling, review/modify scripts: a) run npm install in the skill directory to satisfy node deps, b) inspect and test validate-task.mjs coverage for your threat model, c) restrict modes with RMB_ALLOWED_MODES (e.g., disallow 'adversarial'), and d) consider configuring RMB_PERSIST_DIR to a secure location with restricted permissions.
- Removability: To stop the skill, run the provided disconnect.sh which attempts to remove the cron job and report in-progress tasks; test this in your environment to ensure it properly cleans up.
If you are not willing to audit the code and run it in a strongly isolated environment, do not install or run this skill.
Functional analysis
Type: OpenClaw Skill
Name: rent-my-browser
Version: 1.0.4
The skill connects the agent to a third-party marketplace (api.rentmybrowser.dev) to execute arbitrary browser tasks, which is a high-risk capability involving remote control and data exfiltration (screenshots/extracted data). While the bundle includes significant defensive measures—such as a regex-based task validator (validate-task.mjs) and strict mandatory security rules in SKILL.md to prevent local file access and secret theft—the core functionality remains a major attack surface for prompt injection. It is classified as suspicious due to the inherent risk of executing untrusted external 'goals' on the host machine, even though the intent appears to be a legitimate monetization framework with active safety mitigations.
Capability assessment
Purpose & Capability
Name/description match what the code does: it contacts a Rent My Browser API, claims tasks, runs a browser, and reports steps. Declared requirements (curl, jq, node, RMB_API_KEY) map to the scripts. Minor mismatch: Node dependency (viem) is present in package.json/package-lock but there is no install step — the connect script even mentions 'ensure npm install' is run, so the skill expects the host to run npm install manually.
Instruction Scope
SKILL.md instructs the agent to register a cron job that polls an external marketplace every 10s and to execute arbitrary consumer task payloads with the node's browser. Tasks may include consumer-provided data (including credentials) and the agent is asked to interact with remote sites, take screenshots, and post results. A local validator script runs simple regex checks, but validation is limited and could be bypassed; the execution scope therefore includes high-risk actions (taking input from external parties, interacting with arbitrary websites, and potentially entering credentials).
Install Mechanism
There is no automated install spec. The skill includes Node code and a package-lock.json (viem and crypto libs) but doesn't provide an install step; scripts warn that 'npm install' must be run. No external archive downloads from untrusted URLs are used; network calls are only to api.rentmybrowser.dev and ipinfo.io. Lack of an automated install step is operationally awkward and should be documented/managed before use.
Credentials
The primary credential (RMB_API_KEY) is appropriate for a marketplace client, but the skill persists sensitive secrets to disk: it generates an on-chain wallet privateKey and writes it (wallet.json) to both state/ and a persistent folder (default ~/.rent-my-browser) with retention across updates. It also saves API keys and node IDs to the persistent directory. These persistent secrets increase risk if the host or backups are compromised. The scripts also honor additional env vars (RMB_PERSIST_DIR, RMB_WALLET_ADDRESS, RMB_ALLOWED_MODES) that are not declared in metadata.
Persistence & Privilege
The skill registers a cron job (openclaw cron add) running every 10s to autonomously poll and trigger isolated sessions. Although 'always: true' is not set, this frequent autonomous scheduling combined with persistent credentials increases blast radius: the skill can be woken frequently to execute remote-submitted tasks. It does not appear to modify other skills, but it writes persistent state in the user's home directory.
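How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install rent-my-browser
  3. Once installation completes, invoke the Skill by name or trigger it with /rent-my-browser
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output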
Version history
v1.0.4
rent-my-browser v1.0.4
- Improved step and screenshot reporting: Only take and attach screenshots when a meaningful visual change occurs, making the reporting process more efficient.
- Clarified documentation: Task execution instructions in SKILL.md are now more explicit about when to include screenshots with reported steps.
- No code changes in this release; documentation update only.
v1.0.3
- Switched from a manual polling loop to a background cron job for automatic task polling and execution.
- Now, activating the skill runs connect.sh once, which registers a cron job to check for tasks every 10 seconds.
- Manual task loop removed—cron isolation means tasks execute and finish in the background without blocking the main session.
- Stopping the skill now removes the cron job and disconnects from the marketplace via disconnect.sh.
- All security, error handling, and adversarial mode behaviors are unchanged.
v1.0.2
rent-my-browser 1.0.2
- Changed task polling from a background file-watching loop to a foreground blocking call: now use `poll-loop.sh --once` to fetch and print tasks directly to stdout.
- Skill instructions updated: after each task, re-run the poll command instead of looping on a file; repeat this wait/execute/report cycle indefinitely.
- Removed references to `{baseDir}/state/current-task.json` file-watching loop; task JSON now comes from command output.
- All other safety, error handling, and execution protocols remain unchanged.
v1.0.1
rent-my-browser 1.0.1
- Clarifies that the skill is a continuously running background process that should loop, poll, and execute tasks until explicitly deactivated by the owner.
- Explicitly requires and documents the use of a persistent wait/monitor loop between tasks—do NOT exit or stop after one task.
- Adds clear instructions to immediately return to the monitoring loop after finishing each task, emphasizing never stopping unless the owner intervenes.
- Instructs to close the browser after each task for session isolation.
- General improvements to documentation structure and explicitness around activation, monitoring, and looping behavior.
v1.0.0
Initial release of rent-my-browser skill. Allows agents to connect to the Rent My Browser marketplace when idle and earn by executing browser tasks for consumers. Key features:
- Supports both headless Playwright (VPS nodes) and real Chrome (GUI machines)
- Auto-registration: generates wallet and registers node on first connect
- Background poll-loop with heartbeats (25s) and offer polling (5s)
- File-based IPC: poll-loop writes tasks, agent executes, scripts report results
- Adversarial mode with human-like behavior simulation for bot-protected sites
- Built-in safety: task validator + agent-level security rules block malicious tasks
- Graceful shutdown with session summary (tasks, steps, earnings)
- 7 scripts: connect, disconnect, poll-loop, report-step, report-result, detect-capabilities, lib
Metadata
Slug rent-my-browser
Version 1.0.4
License
Total installs 1
Current installs 0
Versions released 5
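FAQ

What is Rent My Browser?

When the agent is idle, connect to the Rent My Browser marketplace and execute browser tasks for consumers. Earn money by renting out the node's browser duri... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 421 total downloads to date.

How do I install Rent My Browser?

Run the command "/install rent-my-browser" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Rent My Browser free?

Yes, Rent My Browser is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Rent My Browser support?

Rent My Browser runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Rent My Browser?

Developed and maintained by 0xPasho (@0xpasho); the current version is v1.0.4.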
