ClawHub

browser-session-archive

v1.0.1

Extracts and archives chatgpt.com and claude.ai share links to Markdown using Chrome CDP (e.g., ChatGPT or Claude conversations).

0· 106·0 current·0 all-time
by@guobaba1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (archive ChatGPT/Claude share pages) aligns with the included scripts: capture-cdp.js connects to a local Chrome DevTools Protocol endpoint and saves HTML, and convert-markdown.js transforms HTML to Markdown. Small mismatch: the skill declares 'bun' as a required binary but all scripts run under node; bun is optional/unsupported in the code. The metadata/instructions ask you to install the 'ws' npm module globally even though a package.json with a local dependency is present (redundant, but explainable).
Instruction Scope
Runtime instructions are narrowly scoped to: connect to a local Chrome debug port, open or create a page for the TARGET_URL, capture document HTML, and convert to Markdown. The scripts only read/write local files under the chosen OUTPUT_DIR. Important security note included in SKILL.md: CDP access can read any page loaded in that Chrome profile (including authenticated content), which is inherent to this approach and not hidden in the instructions.
Install Mechanism
No network downloads of arbitrary archives are performed. The package includes local JS scripts and a package.json with 'ws' in dependencies. The skill asks the user to run 'npm install -g ws' as a prerequisite (global install is unnecessary but low-risk). There is no remote URL download or extraction of external code.
Credentials
The skill requests no secret credentials or config paths. It does require access to a local Chrome remote-debugging port (default 9222) and will read the pages open in that browser session. Because CDP exposes page content and resources, running this against a Chrome instance where you are logged into services will allow the script to capture authenticated content — this is a legitimate capability for an archiver but a privacy/security consideration the user must weigh.
Persistence & Privilege
The skill does not request permanent/always-enabled privileges, does not modify other skills or system-wide settings, and runs only when invoked. It writes output to a user-controlled directory. 'always: false' and normal model invocation are used.
Assessment
This skill appears to do what it says — it uses the Chrome DevTools Protocol locally to fetch page HTML and convert it to Markdown. Before installing or running it: 1) Do not expose Chrome's --remote-debugging-port to untrusted networks; keep it bound to localhost. 2) Prefer running Chrome in a dedicated profile or a fresh browser instance (not your main profile) to avoid unintentionally capturing authenticated sessions or sensitive tabs. 3) You can skip a global 'npm install -g ws' by running npm install in the script directory (package.json already lists ws). 4) 'bun' is declared but not required by the code; only Node.js is needed to run the scripts. 5) Review output files in the chosen OUTPUT_DIR and remove any captures you don't want stored. If you want greater assurance, inspect the three included scripts yourself or run them in an isolated environment.

Like a lobster shell, security has layers — review code before you run it.

archivevk9729vtqpp4mryhsgpxdfhnb5s83qkz2browservk9729vtqpp4mryhsgpxdfhnb5s83qkz2cdpvk9729vtqpp4mryhsgpxdfhnb5s83qkz2chatgpt chatbotvk9729vtqpp4mryhsgpxdfhnb5s83qkz2chromevk9729vtqpp4mryhsgpxdfhnb5s83qkz2claude chatbotvk9729vtqpp4mryhsgpxdfhnb5s83qkz2extractvk9729vtqpp4mryhsgpxdfhnb5s83qkz2latestvk9729vtqpp4mryhsgpxdfhnb5s83qkz2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📄 Clawdis
OSmacOS · Linux
Binsnode, bun

Comments