← 返回 Skills 市场
flyinghanger

Use My Browser

作者 flyinghanger · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
633
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install use-my-browser
功能描述
Control the user's REAL Chrome browser via Tampermonkey injection. Trigger when user says "use my browser", "open in my browser", "check this page for me", o...
安全使用建议
This skill is coherent with its description but potentially dangerous: it instructs running arbitrary JavaScript inside your real Chrome sessions (sharing cookies and logins) by installing a third‑party Tampermonkey userscript. Before installing or using it: (1) review the exact userscript source on GitHub line-by-line to ensure it doesn't exfiltrate data or phone home; (2) inspect the openclaw-tmwd plugin's code and npm page; (3) avoid using it on sensitive sites (banking, email, etc.) and consider testing with a throwaway profile; (4) require explicit human confirmation before the agent performs actions that submit forms or read private pages; and (5) if you cannot fully audit the userscript/plugin, do not install — the capability to act with your browser's auth is equivalent to giving the skill powerful access to your accounts.
功能分析
Type: OpenClaw Skill Name: use-my-browser Version: 1.0.0 The skill provides tools to control the user's active Chrome browser and execute arbitrary JavaScript (`tmwd_exec`) within the context of authenticated web sessions, sharing all cookies and login states. While these high-risk capabilities are aligned with the stated purpose of browser automation, they create a significant attack surface for session hijacking and data exfiltration. Additionally, the setup requires installing a third-party userscript from a GitHub repository (lsdefine/pc-agent-loop), which introduces supply chain risks.
能力评估
Purpose & Capability
The name/description match the instructions: the skill explicitly instructs the agent to control the real Chrome browser via a Tampermonkey userscript and an openclaw plugin. Reusing login sessions is part of the stated purpose, so the requested capabilities are coherent with the skill's stated goal.
Instruction Scope
The SKILL.md instructs the agent to execute arbitrary JavaScript in pages (tmwd_exec), read visible text, and interact with DOM elements. That grants the agent the ability to access cookies, localStorage, and any data the logged-in browser session can access (including sensitive pages). The instructions do not impose scope limits, per-action confirmation, or safe-usage constraints; they also provide examples that could be used to exfiltrate data (e.g., arbitrary JS with fetch/XHR).
Install Mechanism
There is no packaged install spec, but the SKILL.md tells the user to install an openclaw plugin and to install a Tampermonkey userscript from a raw.githubusercontent.com URL (owner: lsdefine). Pulling and running an external userscript is high-risk: the script runs with page privileges and comes from a third-party account with no homepage or trust signals in the skill metadata. This is disproportionate unless the userscript and plugin are audited by the user.
Credentials
The skill requests no environment variables or system credentials, which is proportionate. However, it depends on browser-level credentials (cookies/session state) implicitly; those are effectively powerful secrets because the skill reuses the user's login sessions and can act as the user on visited sites.
Persistence & Privilege
always is false (good), but the agent may invoke the skill autonomously. Combined with the skill's ability to run arbitrary JS in the user's active browser session, this increases the blast radius: an autonomously-invoked agent could perform actions in the user's identity without per-action confirmation. The SKILL.md does not require explicit user confirmation for actions that interact with sites or submit forms.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install use-my-browser
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /use-my-browser 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
Slug use-my-browser
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Use My Browser 是什么?

Control the user's REAL Chrome browser via Tampermonkey injection. Trigger when user says "use my browser", "open in my browser", "check this page for me", o... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 633 次。

如何安装 Use My Browser?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install use-my-browser」即可一键安装,无需额外配置。

Use My Browser 是免费的吗?

是的,Use My Browser 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Use My Browser 支持哪些平台?

Use My Browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Use My Browser?

由 flyinghanger(@flyinghanger)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论