← 返回 Skills 市场
97
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install testsafe
功能描述
受限的瀏覽器自動化工具。僅用於導航網頁、截圖、提取公開資料與測試。嚴禁在未啟用安全邊界的情況下執行。
安全使用建议
This skill appears to implement a fairly powerful browser-automation workflow (snapshots, form automation, state save/load, JS eval, proxy routing, recording). That is coherent with its stated purpose, but be aware of these issues before you install or run it:
- Missing manifest declarations: The skill's docs reference sensitive environment variables (APP_USERNAME, APP_PASSWORD, AGENT_BROWSER_ENCRYPTION_KEY, AGENT_BROWSER_ALLOWED_DOMAINS, proxy envs) but the registry metadata lists none. Ask the publisher to declare required env vars and explain why each is needed.
- Secrets & state files: Templates save 'auth-state.json' files that contain session tokens/cookies. Treat these like secrets: store them only in a secure location, never commit them to source control, and delete them when no longer needed.
- Arbitrary JS eval: The command agent-browser eval (with base64 or stdin) lets the agent execute arbitrary JavaScript in page context — useful for scraping but also a vector for data exfiltration or executing untrusted code. Only run in an isolated, network-restricted environment and restrict which pages the skill can visit (use AGENT_BROWSER_ALLOWED_DOMAINS).
- Proxy and network routing: The skill supports configuring proxies and network routing. Malicious or misconfigured proxies can capture sensitive data or route traffic externally. Only use trusted proxies and validate proxy credentials are not leaked to the model or logs.
- Prompt/injection hygiene: The SKILL.md itself recommends setting AGENT_BROWSER_CONTENT_BOUNDARIES to mitigate prompt injection. Ensure those runtime guards are actually enforced in your agent environment, and avoid giving the agent unfettered access to pages with user-controllable content unless you have strong sandboxing.
- Practical steps: (1) Review the templates and run them first in a fully isolated sandbox (no sensitive network access). (2) Set and confirm AGENT_BROWSER_ALLOWED_DOMAINS before running automation against sensitive sites. (3) Do not expose APP_PASSWORD-style env vars to the model; prefer an external auth vault or ephemeral tokens. (4) If you cannot inspect or control the agent-browser binary that will be invoked, avoid using this skill.
Given missing manifest declarations and the presence of actions that handle secrets and arbitrary execution, treat this skill as 'suspicious' until the publisher clarifies required env vars, confirms safety boundaries are enforced in your runtime, and you verify the external agent-browser binary and runtime policies.
能力评估
Purpose & Capability
The name/description (restricted browser automation for navigation, screenshots, public-data extraction and testing) aligns with the provided commands, templates, and references. The included command set (navigation, snapshot, screenshot, form automation, proxy support, state save/load) is coherent for a browser automation skill.
Instruction Scope
SKILL.md and the reference files instruct the agent to run many potentially sensitive actions: saving/loading auth state files, using environment variables for credentials (APP_USERNAME/APP_PASSWORD), piping passwords, running arbitrary JavaScript via agent-browser eval (base64 or stdin), and configuring proxies/network routes. Those instructions go beyond simple public-data scraping and direct the agent to handle secrets and state files — actions that increase risk if done without explicit safeguards and are not constrained by the manifest.
Install Mechanism
No install spec is present (instruction-only), so nothing is fetched or written by an installer. The skill only supplies templates and docs; this is lower install risk. (That said, the agent will need the external 'agent-browser' binary at runtime, which is outside this skill's install scope.)
Credentials
The manifest declares no required environment variables or credentials, but SKILL.md and templates reference many env vars and secrets (AGENT_BROWSER_CONTENT_BOUNDARIES, AGENT_BROWSER_MAX_OUTPUT, AGENT_BROWSER_ALLOWED_DOMAINS, AGENT_BROWSER_ENCRYPTION_KEY, APP_USERNAME, APP_PASSWORD, HTTP_PROXY/HTTPS_PROXY, etc.). The skill uses state files that store session tokens and instructs piping passwords — these are sensitive and should be explicitly declared and justified in metadata. The absence of declared env requirements is a notable mismatch.
Persistence & Privilege
The skill is not marked always:true and does not request persistent, platform-wide privileges. It includes templates to save/restore session state (auth-state.json), but those operate on files the user creates; the skill does not modify other skill configs or claim elevated platform privileges. Model invocation is enabled (default) — normal for skills — but combined with the instruction scope risks (auth/state/proxy) this increases blast radius if misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install testsafe - 安装完成后,直接呼叫该 Skill 的名称或使用
/testsafe触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
修復了對瀏覽器的安全性
元数据
常见问题
test safe agent-browser 是什么?
受限的瀏覽器自動化工具。僅用於導航網頁、截圖、提取公開資料與測試。嚴禁在未啟用安全邊界的情況下執行。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 97 次。
如何安装 test safe agent-browser?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install testsafe」即可一键安装,无需额外配置。
test safe agent-browser 是免费的吗?
是的,test safe agent-browser 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
test safe agent-browser 支持哪些平台?
test safe agent-browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 test safe agent-browser?
由 janewert(@janewert)开发并维护,当前版本 v1.0.0。
推荐 Skills