OpenClaw Web Chat Pro

Author: qqkzlm · GitHub · v1.0.0
cross-platform ⚠ suspicious
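Total downloads: 764
Favorites: 0
Current installs: 2
Versions: 1
Install in OpenClaw
/install webchat-pro
Description
Production-grade AI chat web application supporting multiple models, streaming output, conversation persistence and export, with advanced features including file upload, voice, and multi-device sync.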
Security usage recommendations
What to check before installing:
- Inspect package.json scripts: the root postinstall runs `cp -r public/* ~/.openclaw/workspace/chat-web/public/`. Decide whether you want files copied into that path; back up ~/.openclaw/workspace/chat-web/public beforehand.
- Audit install-time scripts: src/package.json references `install.sh` and `postinstall.js` but those files aren't listed. Confirm they aren't present or malicious before running npm install.
- Review src/server-v15.js for any outbound network calls, telemetry, or hidden endpoints that could send logs or credentials out. If you can't audit the file, run in an isolated VM or container.
- Change the default PASSWORD (admin123) and avoid ALLOWED_ORIGINS=* in .env; enforce a strong password and restrict CORS to trusted origins.
- To avoid unintended postinstall actions, consider running npm install with scripts disabled (e.g., npm install --ignore-scripts) while you inspect files, or inspect the package contents in a sandbox.
- If you need private/production use, prefer deploying only after full code review; for casual testing run inside a disposable environment.

If you cannot validate the install-time scripts and server code, treat this package as higher risk and do not install on a production machine.
Functional analysis
Type: OpenClaw Skill
Name: webchat-pro
Version: 1.0.0
The skill bundle is classified as suspicious due to several significant vulnerabilities, primarily in `src/server-v15.js` and `src/public/index.html`. These include a hardcoded default password ('admin123'), plain text storage of the password in `chat-auth.json`, and client-side storage of the password in `sessionStorage`. Additionally, the `streamAI` function passes user-controlled input directly to the `openclaw agent` command, which, while using `shell: false`, could still pose a prompt injection risk if the `openclaw` agent itself is vulnerable to specially crafted arguments. The `postinstall` script in `package.json` copies files to a user's home directory, a broad permission that could be abused, though in this context it's for static assets. There is no clear evidence of intentional malicious behavior like data exfiltration or unauthorized remote control.
Capability assessment
Purpose & Capability
The code, dependencies (express, socket.io) and public UI files align with a web chat app. However the root package.json includes a postinstall script that copies public/* into ~/.openclaw/workspace/chat-web/public/, which is outside this skill's own folder and not documented in SKILL.md; that cross-workspace write is disproportionate to the described purpose.
Instruction Scope
SKILL.md instructs users to run npm install and npm start but does not mention the postinstall action that will copy files into the user's ~/.openclaw workspace. Running npm install therefore has side effects not disclosed in the runtime instructions.
Install Mechanism
There is no external download URL, but npm install will run scripts. The root package.json defines a postinstall script that copies public/* into ~/.openclaw/workspace/chat-web/public/ with cp -r (writing into the home directory). The src/package.json declares an install script (`chmod +x install.sh && ./install.sh`) and a postinstall script (`node postinstall.js`), but neither install.sh nor postinstall.js appears in the provided file list. This mismatch increases risk because the referenced install-time scripts are not visible in the manifest.
Credentials
Registry metadata declares no required env vars, but SKILL.md asks users to create a .env with PORT, PASSWORD and ALLOWED_ORIGINS. Defaults (PASSWORD=admin123, ALLOWED_ORIGINS=*) are insecure and not emphasized in the manifest; no external API keys or unrelated credentials are requested.
Persistence & Privilege
The package does not request platform 'always' privilege, but the postinstall copy writes into ~/.openclaw/workspace/chat-web/public — modifying another workspace's files/config is a privilege escalation across skills and may persist files beyond this skill's directory. This behavior is not documented in SKILL.md.
How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install webchat-pro
  3. Once installation completes, invoke the Skill by name or trigger it with /webchat-pro
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history
v1.0.0
OpenClaw Web Chat Pro 1.0.0
- Initial release of a production-grade AI web chat application.
- Supports basic chat (free), multi-model switching, streaming output, conversation persistence, chat export, and dark mode.
- Pro features (subscription) include file uploads, voice input/output, multi-device sync, team collaboration, and advanced analytics.
- Enterprise features (subscription) include private deployment, custom models, SSO login, audit logs, and SLA guarantee.
- Provides configurable environment variables and simple API endpoints for chat, model listing, and health checks.
Metadata
Slug: webchat-pro
Version: 1.0.0
License:
Total installs: 2
Current installs: 2
Historical versions: 1
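Frequently asked questions

What is OpenClaw Web Chat Pro?

Production-grade AI chat web application supporting multiple models, streaming output, conversation persistence and export, with advanced features including file upload, voice, and multi-device sync. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 764 total downloads to date.

How do I install OpenClaw Web Chat Pro?

Run the command "/install webchat-pro" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is needed.

Is OpenClaw Web Chat Pro free?

Yes, OpenClaw Web Chat Pro is completely free (open source and free) and can be freely downloaded, installed, and used.

Which platforms does OpenClaw Web Chat Pro support?

OpenClaw Web Chat Pro runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed OpenClaw Web Chat Pro?

Developed and maintained by qqkzlm (@qqkzlm); the current version is v1.0.0.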
