agentossoftware

Surfagent Browser

Author: AgentOSsoftware · GitHub · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 91
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install surfagent-browser
Description
Control a real Chrome browser from your AI agent — navigate, click, type, fill forms, extract content, manage tabs, and automate workflows via SurfAgent's RE...
Safe usage recommendations
This skill lets an agent control a real Chrome browser on your machine, access logged-in sessions, run arbitrary page JS, fill forms (including credentials), and attempt CAPTCHA solves. Before installing:
  1. Verify the SurfAgent daemon's provenance (download source, checksums, signing) and run it only if you trust it.
  2. Find out how the Bearer token is issued/stored — do not provide agent or global secrets unless you intend to grant full browser control.
  3. Prefer running SurfAgent with a dedicated, isolated Chrome profile (no saved passwords or personal sessions) or in a VM/container to limit exposure.
  4. Ask the author why 'node' is required in metadata; it's not justified by the HTTP-only instructions.
  5. Treat /browser/evaluate and content-extraction endpoints as high-risk: they can read and exfiltrate sensitive data, so only enable this skill for agents you trust and consider network/firewall rules that prevent unexpected outbound exfiltration.
If you cannot confirm the daemon's trustworthiness or the token-management details, do not enable this skill.
Functional analysis
Type: OpenClaw Skill
Name: surfagent-browser
Version: 1.0.0
The surfagent-browser skill provides an extensive API for controlling a local Chrome instance, including high-risk functions like arbitrary JavaScript execution (/browser/evaluate), file system interaction (/browser/upload, /browser/download), and CAPTCHA solving. While these capabilities are consistent with the tool's stated goal of browser automation, they provide a broad primitive for potential abuse or unintended actions by an AI agent. The documentation in SKILL.md also instructs the agent to access a local credential file (~/.surfagent/daemon-token.txt) to authenticate with the local daemon.
Capability assessment
Purpose & Capability
The skill's stated purpose (control a real Chrome via SurfAgent REST API on localhost:7201) matches the API calls documented in SKILL.md. However the registry metadata lists node as a required binary even though the runtime examples use curl/HTTP; it's unclear why node is required. This mismatch is unexplained and unnecessary for an instruction-only HTTP client.
Instruction Scope
The instructions direct the agent to call a localhost REST API that controls a real Chrome with persistent cookies and sessions. The API includes endpoints for evaluating arbitrary JavaScript (/browser/evaluate), extracting page state and content, filling forms (including credentials), and solving CAPTCHAs. Those actions legitimately belong to a browser-control skill, but they also provide broad access to sensitive user data and the ability to act as the user. SKILL.md does not specify where or how the Bearer token is managed, nor does it constrain use of evaluate() which can be used to read any page data and exfiltrate it to the agent.
Install Mechanism
Instruction-only skill with no install spec and no code files — the lowest-risk install mechanism. Nothing is written to disk by the skill itself.
Credentials
The skill declares no required environment variables, yet it relies on a Bearer auth token for localhost:7201 calls — SKILL.md does not declare how the agent obtains that token or whether it should be provided via env. The declared requirement of the node binary is disproportionate given the HTTP-based instructions. The combination of missing token guidance and an unexplained binary requirement is inconsistent.
Persistence & Privilege
The skill is not set to always:true and uses normal autonomous invocation settings. That is appropriate. However the capability it triggers—control of the user's real Chrome with persistent cookies/sessions—gives the skill a high effective privilege (ability to access logged-in accounts and perform actions). This is a design-level risk (powerful capability) rather than a metadata misconfiguration.
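How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install surfagent-browser
  3. Once installation completes, invoke the Skill by name or trigger it with /surfagent-browser
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history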
v1.0.0
Initial release of SurfAgent Browser skill: control a real Chrome via REST API.
- Enables navigation, clicking, typing, form filling, content extraction, screenshots, and tab management on a real Chrome browser from your agent.
- Provides robust API endpoints for automation, including navigation, interaction, state inspection, and file operations.
- Supports real browser sessions—persistent cookies and sessions emulate human browsing and bypass bot detection (unlike headless).
- Includes advanced features: CAPTCHA detection/solving, auto-blocker resolution, multi-field form filling, uploads/downloads, and browser lifecycle management.
- Comprehensive API documentation and usage patterns included for common automation scenarios.
Metadata
Slug surfagent-browser
Version 1.0.0
License MIT-0
Total installs 1
Current installs 1
Version count 1
FAQ

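What is Surfagent Browser?

Control a real Chrome browser from your AI agent — navigate, click, type, fill forms, extract content, manage tabs, and automate workflows via SurfAgent's RE... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 91 total downloads to date.

How do I install Surfagent Browser?

Run the command "/install surfagent-browser" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Surfagent Browser free?

Yes, Surfagent Browser is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does Surfagent Browser support?

Surfagent Browser is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Surfagent Browser?

It is developed and maintained by AgentOSsoftware (@agentossoftware); the current version is v1.0.0.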
