← 返回 Skills 市场
malac12

Silmaril Ranger

作者 Malac12 · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
378
总下载
1
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install silmaril-cdp
功能描述
Browser automation, DOM inspection, page mutation, wait orchestration, flow execution, and local proxy override work through the Silmaril Chrome DevTools Pro...
安全使用建议
This skill is coherent for local browser automation, but you should take three precautions before using it: (1) Review the GitHub repository contents (Malac12/CDP-tools) before cloning or running any scripts — silmaril.cmd will invoke PowerShell with ExecutionPolicy Bypass which will execute code on your machine. (2) Avoid using eval-js and proxy commands unless you fully trust the target site and understand MITM risks; do not set SILMARIL_ALLOW_UNSAFE_JS or SILMARIL_ALLOW_MITM globally unless in a controlled/trusted environment. (3) Run initial experiments in an isolated environment (VM or disposable account) and verify the exact local paths (docs contain typos like 'silmairl') before granting approval to fetch or execute remote code.
功能分析
Type: OpenClaw Skill Name: silmaril-cdp Version: 1.0.2 The skill bundle provides a wrapper for the 'Silmaril CDP' toolkit, which includes high-risk capabilities such as arbitrary JavaScript execution (eval-js) and local traffic interception/modification via mitmproxy (proxy-override). It instructs the agent to download the toolkit from an external GitHub repository (github.com/Malac12/CDP-tools.git) and executes commands using PowerShell with 'ExecutionPolicy Bypass'. While the instructions include safety warnings and require explicit flags for risky actions, the combination of remote code fetching, traffic manipulation, and hardcoded local paths (e.g., C:\Users\hangx\) warrants a suspicious classification.
能力评估
Purpose & Capability
Name/description (CDP browser automation, DOM reading/mutation, flows, local proxy overrides) matches the SKILL.md and reference files. The instructions, commands, and referenced files all relate to driving a local Silmaril CDP toolkit; nothing requests unrelated cloud credentials or unrelated binaries.
Instruction Scope
The SKILL.md instructs the agent to locate and run a local silmaril.cmd and, if missing, to clone https://github.com/Malac12/CDP-tools.git after explicit user approval. It explicitly calls out high-risk commands (eval-js and proxy commands) and recommends flags or env vars to limit risk. The skill does not instruct reading unrelated system files or exfiltrating data, but it does rely on executing PowerShell scripts (silmaril.cmd) which will run code on the host — review is advised.
Install Mechanism
There is no formal install spec; the skill is instruction-only. The suggested install uses git clone from a GitHub repository (a well-known host), and the SKILL.md insists on explicit user approval before fetching remote code. This is acceptable but the actual repository contents must be reviewed prior to running. The file paths in the docs contain typos (e.g., 'D:\silmairl cdp') which merit attention.
Credentials
The skill does not require environment variables or credentials. It documents optional environment toggles (SILMARIL_ALLOW_UNSAFE_JS, SILMARIL_ALLOW_MITM) for enabling risky behaviors; these are optional and their use is appropriately cautioned in the instructions.
Persistence & Privilege
always is false, no install-time persistence is requested by the skill itself, and there is no instruction to modify other skills or system-wide settings beyond running the local toolkit. Autonomous model invocation is enabled by default but is not combined with other privilege-escalating requests.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install silmaril-cdp
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /silmaril-cdp 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
### Security - Added explicit safeguard enforcement for high-risk commands. - eval-js now requires --allow-unsafe-js, or SILMARIL_ALLOW_UNSAFE_JS=1 in a trusted local session. - proxy-override, proxy-switch, and openurl-proxy now require --allow-mitm, or SILMARIL_ALLOW_MITM=1 in a trusted local session. - Proxy helper commands now enforce loopback-only binding by default. Non-local proxy binding requires explicit --allow-nonlocal-bind. ### Changed - Updated eval-js to record the safeguard acknowledgement source in JSON output. - Updated proxy commands to record the safeguard acknowledgement source in JSON output. - Updated dispatcher help text to show the new safeguard flags in command usage. - Updated the openurl-proxy missing-rules guidance to show the new --allow-mitm requirement. ### Documentation - Updated the silmaril-cdp skill documentation to mark eval-js, proxy-override, proxy-switch, and openurl-proxy as high-risk commands. - Added guidance that cloning or installing the toolkit should only happen after explicit user approval. - Updated command examples in the skill references, COMMAND_GUIDE.md, and MITM docs to include the new safeguard flags. - Documented the new environment variable overrides for trusted local sessions. ### Tests - Added unit tests for high-risk safeguard enforcement on eval-js, openurl-proxy, proxy-override, and proxy-switch. - Added unit tests for shared helper behavior covering truthy opt-in values and loopback host validation. - Verified the unit test suite passes after the safeguard changes.
v1.0.1
- Removed four reference and agent files, including documentation and configuration (openai.yaml, command-patterns.md, flows.md, proxy.md). - Updated documentation to add a section on installing the toolkit if missing, with Windows setup instructions. - Default workflow, operating rules, and command selection remain unchanged. - References to removed Markdown files are still mentioned in documentation.
v1.0.0
Initial release of Silmaril CDP skill. - Enables browser automation using Silmaril's Chrome DevTools Protocol toolkit. - Supports DOM inspection, page mutation, wait orchestration, flow execution, and local proxy management. - Details preferred command usage and best practices for stable automation. - Provides guidance on toolkit location, PowerShell invocation, and workflow steps. - Includes references to example command patterns, flows, and proxy configurations.
元数据
Slug silmaril-cdp
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Silmaril Ranger 是什么?

Browser automation, DOM inspection, page mutation, wait orchestration, flow execution, and local proxy override work through the Silmaril Chrome DevTools Pro... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 378 次。

如何安装 Silmaril Ranger?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install silmaril-cdp」即可一键安装,无需额外配置。

Silmaril Ranger 是免费的吗?

是的,Silmaril Ranger 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Silmaril Ranger 支持哪些平台?

Silmaril Ranger 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Silmaril Ranger?

由 Malac12(@malac12)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论