← 返回 Skills 市场
xiaoya-auto-doing
作者
dongxingao
· GitHub ↗
· v1.0.0
· MIT-0
141
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ya
功能描述
Automate login and page capture for WHUT AI Augmented sites using agent-browser. Use when handling whut.ai-augmented.com or its subdomains, especially to ope...
安全使用建议
This skill appears to implement browser-driven login and page capture for whut.ai-augmented.com, but there are a few red flags to consider before installing or using it:
- The script calls the external 'agent-browser' CLI, but the skill metadata does not list that binary as required. Verify you have a trusted agent-browser binary installed and understand its permissions.
- SKILL.md mentions a 'scripts/whut-open' wrapper that is not present in the provided file manifest. Confirm which file you should run (scripts/auto_login.py is present and appears to be the main script).
- The skill reads credentials from WHUT_USERNAME/WHUT_PASSWORD or from a local JSON file. Do NOT store real credentials inside the skill package. Prefer environment variables or a secure secret store, and use a throwaway/test account when first trying the skill.
- The tool captures full page text and saves it to latest_page_dump.json, which may include sensitive or personally identifiable information. Treat those outputs as sensitive local data.
- Because the code uses subprocess to call agent-browser, inspect and trust that CLI (and its network/browser behavior) before running. Run the skill in a restricted environment (e.g., dedicated VM or container) if you are uncertain about origin/trust.
If you want to proceed safely: (1) confirm/put agent-browser on PATH from a trusted source, (2) do not place real credentials in the skill folder, (3) test with a non-sensitive account first, and (4) inspect runtime outputs for unexpected network calls or sensitive data being written or transmitted.
功能分析
Type: OpenClaw Skill
Name: ya
Version: 1.0.0
The skill bundle is designed to automate authentication and data extraction for the WHUT AI Augmented platform. The primary script, `scripts/auto_login.py`, uses the `agent-browser` utility to handle login forms and capture page content into a local JSON file. While the skill handles sensitive credentials, it does so through standard mechanisms (environment variables or a local configuration file) and lacks any indicators of exfiltration, obfuscation, or unauthorized remote execution.
能力评估
Purpose & Capability
The Python script's behavior matches the stated purpose (open pages, dismiss popups, fill credentials, capture page text). However the skill metadata declares no required binaries while the script calls an external CLI 'agent-browser' — that required binary is not listed. The SKILL.md also references a convenience wrapper 'scripts/whut-open' that is not present in the file manifest. These packaging/declaration mismatches are inconsistent with the stated purpose.
Instruction Scope
Runtime instructions and the script limit their actions to driving agent-browser, reading credentials from environment or a local secret file, and writing a JSON page dump. The script does not send captured data to remote endpoints itself. This scope is consistent with automating browser login and capture, but it will collect full page text (potentially including sensitive info) and save it to latest_page_dump.json — users should expect capture/exfiltration of page content to local disk.
Install Mechanism
There is no install spec (instruction-only plus one script file). Nothing is downloaded or extracted during install. This is lower risk, but the script requires the agent-browser CLI at runtime which the package does not declare.
Credentials
The script legitimately needs WHUT_USERNAME/WHUT_PASSWORD or a path to a local secret file. Those credential sources are described in SKILL.md and used by the code, but the skill metadata does not declare any required environment variables. Also the skill suggests storing secrets in a file under the skill folder (./local/whut_ai_secret.json) which is a poor practice — packaging or placing credentials inside a skill folder increases risk of accidental disclosure.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes runtime output and may create/read a local secret file within its own folder, but it does not modify other skills or global configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ya - 安装完成后,直接呼叫该 Skill 的名称或使用
/ya触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of auto-xiaoya-doing skill.
- Automates login and page capture for WHUT AI Augmented sites using agent-browser.
- Supports credential input via environment variables or local secret files.
- Provides scripts for opening target pages, bypassing popups, and capturing page questions/text.
- Captured page data is saved to latest_page_dump.json for further analysis.
- Includes documentation and workflow guidelines for effective use and automation.
第一个版本应该bug很多。
某些模型有道德限制,不愿意帮你,不知道怎么解决。
目前的版本需要你把完整的作业页面的URL发给它,基于agent browser登陆浏览器,然后完成任务。
有点麻烦。
正在尝试发明全自动化skill。
元数据
常见问题
xiaoya-auto-doing 是什么?
Automate login and page capture for WHUT AI Augmented sites using agent-browser. Use when handling whut.ai-augmented.com or its subdomains, especially to ope... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 141 次。
如何安装 xiaoya-auto-doing?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ya」即可一键安装,无需额外配置。
xiaoya-auto-doing 是免费的吗?
是的,xiaoya-auto-doing 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
xiaoya-auto-doing 支持哪些平台?
xiaoya-auto-doing 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 xiaoya-auto-doing?
由 dongxingao(@dongxingao)开发并维护,当前版本 v1.0.0。
推荐 Skills