Web Access.Bak

所有联网操作必须通过此 skill 处理，包括：搜索、网页抓取、登录后操作、网络交互等。 触发场景：用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容（小红书、微博、推特等）、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。

This skill legitimately implements a local CDP proxy to drive your Chrome, which inherently gives it access to everything your browser session can see and do. Before installing or running it: - Only use if you fully trust the source; the repository is unknown and the homepage is missing. Review the full scripts yourself (especially cdp-proxy.mjs) or ask a trusted reviewer. - Understand the risks: the proxy can read pages where you're logged in, capture screenshots (including video frames), execute arbitrary JS in pages, and cause the browser to upload local files (setFiles). Any of these can leak credentials, private messages, or local files. - Avoid running against your primary browser profile. Prefer an isolated Chrome profile or a dedicated browser instance launched solely for this skill (or run inside a sandbox/VM). - If you must use it, do NOT enable the optional Jina usage for sensitive pages — it sends data to a third-party service. - The proxy listens on localhost:3456 by default; ensure only trusted local processes/users have access, and monitor /tmp/cdp-proxy.log for unexpected activity. - If you cannot audit the code, do not grant it persistent use; prefer one-off manual actions under supervision. Summary action: only proceed if you trust the author and can run the proxy in an isolated environment (separate Chrome profile or VM); otherwise treat this skill as high-risk for data-exfiltration.

Type: OpenClaw Skill Name: web-access-bak Version: 1.0.0 The skill provides a high-privilege automation framework that connects to the user's active Chrome instance via the Chrome DevTools Protocol (CDP), inheriting all active login sessions, cookies, and saved credentials. Key high-risk features implemented in `cdp-proxy.mjs` include arbitrary JavaScript execution (`/eval`), the ability to upload local files to web forms (`/setFiles`), and screen capturing. While these capabilities are aligned with the stated goal of advanced web interaction in `SKILL.md`, they create a significant attack surface for data exfiltration and unauthorized actions if the agent is targeted by prompt injection. The skill also starts a background proxy server on local port 3456 and encourages autonomous 'human-like' decision-making by the agent.