← 返回 Skills 市场
web-access-openclaw
作者
ysyyrps777
· GitHub ↗
· v1.0.0
· MIT-0
855
总下载
1
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install web-access-openclaw
功能描述
所有联网操作必须通过此 skill 处理,包括:搜索、网页抓取、登录后操作、网络交互等。 触发场景:用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容(小红书、微博、推特等)、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。
安全使用建议
This skill appears to do what it claims (control your local Chrome to fetch/login/operate pages) but it grants powerful access: it connects to your real browser profile (so it can see logged-in sessions, cookies, pages), can run arbitrary JavaScript in page contexts, trigger uploads via local file paths, and runs a background HTTP proxy on your machine. Before installing or enabling it: 1) Verify the source: confirm the upstream GitHub repo and that the packaged files match the official project (the registry shows source unknown). 2) Review the cdp-proxy.mjs and check-deps.mjs code yourself (or have a trusted reviewer) — the code runs locally and exposes /eval which can read sensitive DOM data. 3) Restrict usage: prefer manual invocation and require explicit user confirmation for any write actions (posts, uploads, deletes); consider disabling autonomous invocation if you don't want the agent to call the skill without explicit prompts. 4) Run with an isolated Chrome profile (no sensitive logins) if you must use it, or only enable when needed; stop the proxy process when finished (or monitor localhost:3456 and the proxy log file). 5) If you cannot verify the package source or code, avoid installing or grant it minimal access (use a throwaway browser profile).
功能分析
Type: OpenClaw Skill
Name: web-access-openclaw
Version: 1.0.0
The skill provides an AI agent with deep control over a user's active Chrome browser session via a local CDP proxy (`scripts/cdp-proxy.mjs`). It includes high-risk capabilities such as executing arbitrary JavaScript in the browser context (`/eval`), capturing screenshots, and uploading local files to web forms (`/setFiles`). While these features are aligned with the stated purpose of advanced web automation and session reuse for sites like Xiaohongshu, they grant the agent full access to the user's logged-in accounts and sensitive browser data. No evidence of intentional malice or hardcoded exfiltration was found, but the powerful primitives provided represent a significant attack surface if the agent is compromised or misdirected.
能力评估
Purpose & Capability
The name/description (browser-backed web access, login-capable scraping and interaction) aligns with the included scripts and SKILL.md. The skill implements a local CDP proxy exposing endpoints to create background tabs, eval arbitrary JS, click, scroll, screenshot, and set file inputs — all coherent with the stated purpose.
Instruction Scope
Runtime instructions and bundled scripts read local Chrome debug info (DevToolsActivePort files), probe local TCP ports, start a local HTTP server (default localhost:3456), and instruct the agent to execute arbitrary JS inside pages via /eval. /setFiles lets the skill set local file paths into page file inputs (causes browser to upload files). These actions access local system state and user browser session data (cookies, auth), which is necessary for the skill's purpose but also expands the sensitive surface — the manifest did not declare local config path access even though the scripts read user paths.
Install Mechanism
No remote download/install step: this is an instruction + code bundle included in the skill. There are no external installers or arbitrary remote URLs being fetched at install time. The check-deps script may start a detached local Node process (cdp-proxy) and writes logs to the temp dir, which is expected for this functionality.
Credentials
The registry shows no required env vars or credentials, but runtime uses optional env vars (e.g., CDP_PROXY_PORT) and relies on the user's Chrome session (accessed via local DevTools/debug port). While this is functionally necessary, it effectively gives the skill access to logged-in site state and local browser resources — a high-privilege capability that is not expressed as explicit required credentials in the metadata.
Persistence & Privilege
The skill starts a detached, persistent local proxy process that keeps running and listens on localhost. always:false (not force-included) and disable-model-invocation:false (agent can call it autonomously). Autonomous invocation combined with the proxy's privileged access to browser sessions increases blast radius — the skill itself does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install web-access-openclaw - 安装完成后,直接呼叫该 Skill 的名称或使用
/web-access-openclaw触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Adapted web-access for OpenClaw custom skills, cleaned the published skill layout, validated Chrome CDP session reuse on Windows, and tested a real Xiaohongshu creator publish flow through the browser-backed skill.
元数据
常见问题
web-access-openclaw 是什么?
所有联网操作必须通过此 skill 处理,包括:搜索、网页抓取、登录后操作、网络交互等。 触发场景:用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容(小红书、微博、推特等)、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 855 次。
如何安装 web-access-openclaw?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install web-access-openclaw」即可一键安装,无需额外配置。
web-access-openclaw 是免费的吗?
是的,web-access-openclaw 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
web-access-openclaw 支持哪些平台?
web-access-openclaw 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 web-access-openclaw?
由 ysyyrps777(@ysyyrps777)开发并维护,当前版本 v1.0.0。
推荐 Skills