← 返回 Skills 市场
322
总下载
0
收藏
1
当前安装
4
版本数
在 OpenClaw 中安装
/install ubuntu-browser-session
功能描述
Use when a request needs a real Ubuntu Server browser session with durable site login reuse, bounded manual login recovery, or host-side page inspection for...
安全使用建议
This skill appears to do what it says: managing and reusing a local Ubuntu host browser session and offering a bounded manual noVNC takeover. Before installing or giving it runtime access, consider the following:
- Persistent session data: it stores profiles and manifests under ~/.agent-browser. If that directory already contains logged-in browser sessions (GitHub, Google, etc.), the skill will reuse them automatically—review or isolate those profiles if you don't want automated agent access to those accounts.
- noVNC exposure: the scripts can expose noVNC URLs and have an explicit LAN mode (0.0.0.0). If you enable LAN access, anyone who can reach the host and the port may view/control the browser. Prefer the loopback URL + SSH port-forwarding, and ensure firewall rules prevent unwanted LAN exposure.
- Sensitive page content: CDP snapshot/eval tools read structured page content (DOM, links, text). Treat the skill as having full read access to any page loaded in the browser (including possibly secrets visible in the DOM). Use dedicated test accounts or an isolated VM if handling sensitive logins.
- Audit and harden: inspect ~/.agent-browser after use, consider running the skill in a disposable VM/container, and ensure only trusted agents are allowed to invoke it autonomously. If you want stricter behavior, modify the scripts to refuse LAN binding, require explicit user confirmation before reusing a stored session, or store profiles in a device-encrypted location.
Overall, the skill is coherent with its purpose but carries expected privacy/availability risks (persistent local sessions and optional LAN VNC exposure) that you should manage before enabling it in a production environment.
功能分析
Type: OpenClaw Skill
Name: ubuntu-browser-session
Version: 1.0.3
The skill bundle implements a persistent browser automation framework using Chrome, Xvfb, and noVNC. It is classified as suspicious because scripts/assisted-session.sh and scripts/browser-runtime.sh configure x11vnc with the '-nopw' (no password) flag and bind websockify to '0.0.0.0', effectively exposing an unauthenticated remote GUI session to the network. While this is documented as a 'manual login recovery' feature, the implementation lacks any authentication or encryption for the VNC/noVNC streams, creating a significant risk of unauthorized remote access and session hijacking if the host firewall is not strictly configured.
能力评估
Purpose & Capability
The name/description (durable host browser sessions, one-per-site identity model, bounded manual takeover) matches the included scripts and helpers: session registry, profile resolution, browser runtime, noVNC-assisted takeover, and CDP-based page inspection. There are no unexpected cloud APIs or unrelated credentials requested.
Instruction Scope
Runtime instructions operate on local browser profiles (~/.agent-browser), start Xvfb/x11vnc/websockify and a browser, use CDP to inspect and snapshot pages, and provide loopback and LAN noVNC URLs for manual login. This is coherent with purpose, but it explicitly supports exposing noVNC on LAN (0.0.0.0) and persists captured session state and profiles on disk—both of which can leak sensitive page contents or active logins if network or filesystem access is not tightly controlled.
Install Mechanism
There is no install spec or remote download; the skill is provided as scripts bundled with the skill. It relies on system-installed binaries (Xvfb, x11vnc, websockify, Chrome/Chromium, curl, jq, python3) as documented in SKILL.md. No external code fetching or archive extraction is present.
Credentials
No environment variables or external credentials are required. The scripts read/write files under the user's home (~/.agent-browser) and rely on local binaries—these are necessary for the stated goal of durable local browser sessions.
Persistence & Privilege
The skill persists profiles, manifests, and a site-session registry under ~/.agent-browser and will reuse logged-in sessions automatically per its rules. It does not declare always:true. However, because it can be invoked autonomously by agents and can access stored browser sessions, it effectively grants the agent ongoing access to any accounts already stored in those profiles unless the host or user restricts it.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ubuntu-browser-session - 安装完成后,直接呼叫该 Skill 的名称或使用
/ubuntu-browser-session触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.3
Add forum/search-result enhancements (topic-links, click-link-text), safe profile lock cleanup, visibility filtering, version tracking in SKILL.md frontmatter.
v1.0.2
Keep the public package minimal and aligned with the renamed repository identity.
v1.0.1
Align repository and public identity under ubuntu-browser-session.
v1.0.0
Initial clean public release of the Ubuntu browser session workflow.
元数据
常见问题
Ubuntu Browser Session 是什么?
Use when a request needs a real Ubuntu Server browser session with durable site login reuse, bounded manual login recovery, or host-side page inspection for... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 322 次。
如何安装 Ubuntu Browser Session?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ubuntu-browser-session」即可一键安装,无需额外配置。
Ubuntu Browser Session 是免费的吗?
是的,Ubuntu Browser Session 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ubuntu Browser Session 支持哪些平台?
Ubuntu Browser Session 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ubuntu Browser Session?
由 GoGoLin(@linsuisheng034)开发并维护,当前版本 v1.0.3。
推荐 Skills