Auto Study
v1.3.2Use when handling browser-based study tasks on platforms like Yuketang, Xuexitong, and Pintia, including quiz answering and page actions.
⭐ 1· 263·1 current·1 all-time
bySong Kexin@amiracleta
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match what the skill actually asks for: Chrome + CDP access, agent-browser tooling, and a local profile to preserve login state. No unrelated credentials, binaries, or unclear external services are requested.
Instruction Scope
The runtime instructions ask the agent to attach to a Chrome instance via a CDP port, read the active tab/URL, take full-page screenshots, extract text from images, and save markdown and images into workspace paths. Those actions are expected for browser automation but grant broad access to the user's browser session and page contents (including other open tabs or sites if attached to a general Chrome process). The skill documents verification steps (verify URL/tab before acting) which partially mitigates risk, but the ability to inspect and interact with arbitrary pages is high-impact and should be used only with trusted instances/profiles.
Install Mechanism
No install spec or bundled code; the skill is instruction-only. It lists prerequisites (agent-browser CLI and an agent-browser skill) but does not download arbitrary artifacts. This lowers supply-chain risk compared to remote installs.
Credentials
The skill declares no environment variables or external credentials, which is proportional. However, it relies on a persistent browser profile root (%LOCALAPPDATA%\AutoStudy\browser) and on attaching to a Chrome instance exposing a CDP port. Using a profile means the skill may access cookies, local storage, and saved credentials implicitly; this is expected for the use case but is a privileged capability that the user should treat as sensitive.
Persistence & Privilege
always:false and model invocation are normal. The skill suggests storing profiles and workspace artifacts on disk under the agent workspace and a profile root. That is reasonable for its function but creates persistent local artifacts (screenshots, markdown, browser profile) that may contain sensitive data; the skill does not request system-wide privileges or modify other skills.
Assessment
This skill appears to do what it says, but it controls a Chrome instance and writes screenshots and answer records to disk, so treat it like a remote browser-controller: 1) only attach it to a dedicated/testing Chrome profile (or run Chrome launched specifically for the skill) rather than your main personal profile; 2) avoid attaching to a Chrome/CDP port that is exposed to the network; 3) verify and, if needed, clear the %LOCALAPPDATA%\AutoStudy\browser profile directory after use; 4) review and install the referenced agent-browser CLI and the agent-browser skill from their official sources before use; 5) do not use for formal exams or to bypass platform rules; and 6) if you are concerned about sensitive data, run the skill in a disposable VM or container so captured screenshots and cookies do not leak into your main environment.Like a lobster shell, security has layers — review code before you run it.
latestvk97dm0r7dbpzwqdb9aqjjakb3182yxz2
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🎓 Clawdis