Google Index Checker
v1.1.0Check Google indexed page count for any domain using the "site:" search operator in Chrome Remote Debugging Protocol (CDP on localhost:9222). Use when the us...
⭐ 0· 126·0 current·0 all-time
byGuangxianLiu@lgx-00
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the instructions: the skill drives Chrome via the local CDP to perform Google site: searches and parse result counts. Requested artifacts (Node/ws, localhost CDP) are coherent with this purpose.
Instruction Scope
Instructions stay within the declared task (navigate to Google search pages and read #result-stats). However, using an existing Chrome profile means the CDP-controlled tab runs in the user's authenticated browser session (cookies, logged-in accounts). While the skill only instructs navigation to google.com, CDP allows arbitrary navigation and JS execution in the browsing context — the instructions rely on the operator to not deviate. The SKILL.md also instructs installing npm packages under /tmp and removing them; it does not access other system files or env vars.
Install Mechanism
No formal install spec; the SKILL.md asks to install the npm 'ws' package into /tmp/wsclient if missing. This is a standard npm install (moderate trust requirement). Using /tmp is reasonable for temporary tooling, but users should verify the package source and contents before executing arbitrary scripts that require it.
Credentials
The skill requests no environment variables, secrets, or config paths. The only notable resource is the local Chrome instance (CDP at localhost:9222), which is necessary for the described functionality.
Persistence & Privilege
Skill is instruction-only, has no install that persists beyond /tmp, and does not request always:true or any persistent privileges. It instructs cleanup of the temporary package and tab closure.
Assessment
This skill is coherent for checking Google-index counts by controlling a local Chrome instance, but it operates inside your Chrome profile and thereby can access the browser's authenticated session (cookies, logged-in accounts). Before using: 1) Run Chrome with remote debugging on a dedicated/ephemeral profile or in an isolated environment (container or disposable profile) to avoid exposing personal accounts. 2) Inspect the /tmp/wsclient contents and prefer installing packages from a trusted environment (or use a local copy of 'ws' you control). 3) Ensure localhost:9222 is bound only to loopback and not exposed to your network. 4) Be aware the SKILL.md's JavaScript is a template — operators or automated agents could alter it to navigate to other sites or execute arbitrary JS; only run code you trust. If you cannot run Chrome in an isolated profile, do not use this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk972ypm4av82td68yw2drhepzx83xgrn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.