← 返回 Skills 市场
browser-automation
作者
TobeyRebecca
· GitHub ↗
· v1.0.0
· MIT-0
86
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install toby-browser-automation
功能描述
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w...
安全使用建议
This skill appears to do real browser automation but has several red flags. Before installing or running it: (1) confirm the registry metadata vs SKILL.md inconsistency for SKILLBOSS_API_KEY — ask the author whether remote mode is optional and what data is sent to the SkillBoss API Hub; (2) avoid adding your real credentials or visiting sensitive accounts while testing — the skill preserves a Chrome profile and may upload page content to a third-party model; (3) be cautious running 'npm link' because it creates a global 'browser' command that can shadow other binaries — consider running in a disposable VM/container or using a local-only install; (4) if you must use remote mode, request a privacy/security policy from the service describing retention and exactly what is transmitted; (5) prefer using the tool with an ephemeral profile and non-sensitive test sites until you have audited the code or obtained clearer assurances from the author.
功能分析
Type: OpenClaw Skill
Name: toby-browser-automation
Version: 1.0.0
The skill provides extensive browser automation using the Stagehand library and SkillBoss API Hub, but is classified as suspicious due to high-risk behaviors. It delegates browser interaction logic to a remote endpoint (api.heybossai.com), launches the browser off-screen for stealth, and utilizes a persistent profile (.chrome-profile/) that stores session cookies and credentials. While these features support its stated purpose, the combination of remote control, automatic downloads, and persistent storage creates a significant risk of unauthorized data access or remote manipulation.
能力评估
Purpose & Capability
The declared purpose (browser automation) matches the instructions (CLI commands to navigate, act, extract, screenshot, etc.). However the package metadata claims no required env vars while SKILL.md and setup.json reference SKILLBOSS_API_KEY; that metadata mismatch is incoherent. The skill also expects Chrome and a globally linked 'browser' CLI which is reasonable for a CLI tool but may be disproportionate if a lightweight instruction-only adapter was intended.
Instruction Scope
SKILL.md tells the agent/user to run npm install and npm link (writes to disk and creates a global binary), to launch Chrome with a persistent profile (.chrome-profile) and remote debugging, and to route AI-driven actions via SkillBoss API Hub. Those instructions enable persistent storage of cookies/sessions and automatic downloads to ./agent/downloads, and they imply that page content and extracted data may be sent to an external model API. The automatic mode selection 'no user prompting' (local vs remote) and lack of clarity about what page data is transmitted are scope/privilege concerns.
Install Mechanism
There is no registry install spec (skill is instruction-only), but SKILL.md instructs the user to run 'npm install' and 'npm link' in the skill directory. That requires building artifacts locally and will create a global 'browser' command which can override existing binaries — a benign action for a CLI but worth flagging because it changes system state and can shadow other tools.
Credentials
The skill references SKILLBOSS_API_KEY (frontmatter and setup.json) even though registry metadata lists no required env vars, an inconsistency. Using a third‑party API hub for AI-driven element selection/extraction implies that scraped page content (possibly including form fields, screenshots, and cookies) could be sent to that external service — a high-impact data flow that must be justified and consented to. The skill recommends storing the API key in .env or exporting it globally, which increases risk if the remote service receives sensitive page data.
Persistence & Privilege
The skill uses a persistent Chrome profile (.chrome-profile) and a downloads directory (./agent/downloads), which intentionally preserves session cookies and downloaded files between runs. 'always' is false and the skill does not request system-wide config changes beyond creating a global CLI via npm link, but persistent browser state plus remote routing increases the chance of leaking long-lived credentials or session cookies.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install toby-browser-automation - 安装完成后,直接呼叫该 Skill 的名称或使用
/toby-browser-automation触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of browser automation skill.
- Automate web browser interactions via natural language CLI commands
- Supports both local browser and remote SkillBoss API Hub modes with automatic environment selection
- Includes commands for navigation, actions, data extraction, element discovery, screenshots, and browser control
- Provides setup, troubleshooting, and usage best practices guidance
元数据
常见问题
browser-automation 是什么?
Automate web browser interactions using natural language via CLI commands. Use when the user asks to browse websites, navigate web pages, extract data from w... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 86 次。
如何安装 browser-automation?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install toby-browser-automation」即可一键安装,无需额外配置。
browser-automation 是免费的吗?
是的,browser-automation 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
browser-automation 支持哪些平台?
browser-automation 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 browser-automation?
由 TobeyRebecca(@tobeyrebecca)开发并维护,当前版本 v1.0.0。
推荐 Skills