Web Access Skill

所有联网操作必须通过此 skill 处理，包括：搜索、网页抓取、登录后操作、网络交互等。 触发场景：用户要求搜索信息、查看网页内容、访问需要登录的网站、操作网页界面、抓取社交媒体内容（小红书、微博、推特等）、读取动态渲染页面、以及任何需要真实浏览器环境的网络任务。

This skill legitimately implements full-browser automation by attaching to your Chrome via the DevTools protocol, but that capability is powerful: it can read any page your browser can see (including logged-in pages), run arbitrary JavaScript in page contexts, take screenshots, and programmatically set local file paths into file inputs (enabling file uploads). Before installing, consider these precautions: - Only enable this skill if you understand and trust the code author; repository homepage is missing and origin is unknown — review the scripts yourself or from a trusted reviewer. - Do not enable it against your regular Chrome profile that contains sensitive logins. Instead create and use a separate Chrome instance/profile launched with --remote-debugging-port for the skill, or run it against a disposable browser. - Be aware the skill will start a detached background Node process (cdp-proxy) that remains running until killed; you can stop it with pkill -f cdp-proxy.mjs or by locating the process. Review the log file in OS temp directory if troubleshooting. - If you must use it, restrict autonomous invocation: prefer manual user-invocation and deny always:true or unrestricted autonomous use. Limit what data the agent is allowed to fetch (avoid instructing it to access private accounts or upload local files). - If you cannot audit the code, avoid installing or run it in an isolated environment (VM/container) and inspect network and file activity while testing. If you want, I can list the exact code locations that allow high-risk actions (e.g., /eval, /setFiles, reading DevToolsActivePort, detached process launch) so you can review them more closely.

Type: OpenClaw Skill Name: web-access-skill Version: 1.0.0 The skill implements a CDP (Chrome DevTools Protocol) proxy (`cdp-proxy.mjs`) that grants the AI agent full control over the user's active Chrome browser, including access to authenticated sessions and cookies. Key high-risk features include the ability to execute arbitrary JavaScript in any tab (`/eval`), capture screenshots, and programmatically upload local files to websites (`/setFiles`) by bypassing standard file-picker dialogs. While the `SKILL.md` instructions frame these capabilities as tools for advanced web research and automation, the lack of sandboxing and the broad access to the user's live browser environment and local filesystem represent a significant security risk that could be exploited for data exfiltration.