← 返回 Skills 市场
我的测试
作者
RingoRangers
· GitHub ↗
· v1.0.0
· MIT-0
261
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install test-outbound
功能描述
登录外呼系统并调用 save_session.py 保存浏览器会话到 auth.json。用于首次登录、会话失效或开始任务前重新准备登录态。
安全使用建议
Before installing or running this skill:
- Do not run anything until you have the actual save_session.py script from a trusted source. The registry package does not include it.
- Inspect save_session.py (and any code you obtain) carefully to ensure it does not send auth.json or credentials to external endpoints.
- Prefer providing credentials via a secure secrets mechanism rather than a plaintext login_credentials.json file; if you must use a file, restrict filesystem permissions and remove it after use.
- Treat auth.json as highly sensitive: store it securely, limit access, and rotate credentials if it may have been exposed.
- If you cannot review the script, consider creating a throwaway/test account to run the process first so long-lived credentials are not exposed.
- If you need the skill to be fully self-contained, request the publisher include save_session.py and a clear README describing exactly what the script does and any network endpoints it communicates with.
功能分析
Type: OpenClaw Skill
Name: test-outbound
Version: 1.0.0
The skill is designed to handle sensitive authentication data, including plaintext credentials (login_credentials.json) and browser session tokens (auth.json), which are high-value targets for exfiltration. It relies on an external script, save_session.py (the content of which was not provided for review), to automate login via Playwright. While the documentation describes a legitimate automation use case for an 'outbound system,' the management of authentication secrets and the lack of visibility into the script's logic present a significant security risk.
能力评估
Purpose & Capability
The description says the skill runs save_session.py to produce auth.json. However, no code files are included (no save_session.py). That makes the skill non-functional as delivered and requires the user to supply or obtain an external script. Requiring a separate script is not inherently malicious, but the absence is an important incoherence: the skill cannot do what it claims without an external artifact that the package does not provide or vouch for.
Instruction Scope
SKILL.md instructs the agent/user to prepare login_credentials.json and run python3 save_session.py which will open a browser, autofill credentials, and save auth.json. These steps are consistent with the stated purpose, but they involve handling highly sensitive data (account credentials and session cookies). The instructions do not specify where save_session.py should come from, what it does exactly, or any safeguards for storing/transmitting auth.json. There are no instructions that send data to external endpoints, but because the referenced script is absent, its behavior is unknown and could include exfiltration if obtained from an untrusted source.
Install Mechanism
No install spec is included (instruction-only skill). The README notes pip-installing Playwright and installing Chromium, which is appropriate for a Playwright-based session saver. Because nothing is downloaded or installed by the skill bundle itself, there is no immediate install-time risk from the registry package, but the user still must install third-party software manually.
Credentials
The skill declares no required environment variables and no primary credential, which is proportionate. However, it relies on a credentials file (login_credentials.json) provided by the user and produces auth.json containing cookies/session tokens — both sensitive. Storing credentials in a file (instead of ephemeral secrets) increases risk; the skill does not provide guidance on secure storage or access controls.
Persistence & Privilege
always is false and the skill does not request persistent presence or modify other skills. Autonomous model invocation is allowed by default but not combined with any other privilege escalation indicators here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install test-outbound - 安装完成后,直接呼叫该 Skill 的名称或使用
/test-outbound触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the outbound-login skill.
- Enables logging into the outbound call system and saving browser session to auth.json for later use.
- Guides users to prepare login credentials and manually handle captcha during login.
- save_session.py automates most of the login workflow except for captcha input.
- Requires Playwright and Chromium to be installed in the environment.
- Outputs session data as auth.json for downstream tasks.
元数据
常见问题
我的测试 是什么?
登录外呼系统并调用 save_session.py 保存浏览器会话到 auth.json。用于首次登录、会话失效或开始任务前重新准备登录态。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 261 次。
如何安装 我的测试?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install test-outbound」即可一键安装,无需额外配置。
我的测试 是免费的吗?
是的,我的测试 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
我的测试 支持哪些平台?
我的测试 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 我的测试?
由 RingoRangers(@ringorangers)开发并维护,当前版本 v1.0.0。
推荐 Skills