Agent Web Cpu
v1.0.0transweb.cn AI Agent 智能执行套件。支持单应用执行、多应用串联流水线(前一个输出作为后一个输入)、自动匹配或创建应用。全程浏览器自动化,输出 Markdown 文档。 Keywords: AI Agent, transweb, 执行应用, 创建应用, 串联, 流水线, pipeline, 博文...
⭐ 0· 37·0 current·0 all-time
byTransweb@liuwenjin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description describe a browser-automation wrapper for transweb.cn and the SKILL.md only requires browser navigation, DOM evaluation, file read/write for apps.json, and saving Markdown — all consistent with building an automation agent for that site.
Instruction Scope
Instructions stay focused on interacting with transweb.cn (navigate, click, type, evaluate, snapshot) and on managing a local apps.json and saving Markdown to ~/Downloads. However the skill runs arbitrary JS in page context (browser.evaluate) and automates clicks/typing on pages, which can cause side-effects on the target site or access page state (including any logged-in session). The SKILL.md also allows using a user profile (profile: "user") which would expose site-authenticated state to the automation.
Install Mechanism
Instruction-only skill with no install spec or external downloads; nothing is written to disk by an installer. Lower risk from installation perspective.
Credentials
The skill declares no environment variables, no external credentials, and only uses local files (apps.json) and browser tooling. There are no disproportionate credential requests.
Persistence & Privilege
The skill modifies its own apps.json and writes output files to ~/Downloads (expected for its purpose). It does not set always: true. Be aware it can spawn subagents and requires browser tool access; when run with a user browser profile this grants it access to the user's authenticated sessions on websites.
Assessment
This skill is internally consistent for automating transweb.cn via the OpenClaw browser tool. Before installing or running it: (1) only enable the browser tool (browser.enabled and browser.evaluateEnabled) if you trust the skill — evaluate runs JavaScript inside pages; (2) avoid using your personal browser profile unless necessary (the 'user' profile exposes logged-in sessions and sensitive site state); (3) review changes to apps.json and any files saved to ~/Downloads; (4) be cautious when adding arbitrary app IDs — the skill will open the corresponding transweb.cn URL and may trigger site actions; (5) consider running it in a sandboxed agent/session first. If you want a stricter review, provide the full SKILL.md flow you intend to use (e.g., whether you will allow profile:"user" or spawn subagents) so I can reassess risk with that configuration.Like a lobster shell, security has layers — review code before you run it.
latestvk97082ffdpk6sdcy6d3wg416hd840j8j
License
MIT-0
Free to use, modify, and redistribute. No attribution required.