page-agent 浏览器控制(CDP)
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: page-agent-browser Version: 1.0.0 The skill bundle provides a structured framework for an AI agent to control a web browser via the `page-agent` CLI and Chrome DevTools Protocol (CDP). It includes comprehensive safety protocols, such as `CRITICAL_ACTIONS.md`, which mandates human confirmation for sensitive operations (e.g., payments, deletions), and `EXPLORATION_PROTOCOL.md`, which restricts the agent's behavior during site discovery. While it requires powerful permissions (Bash/Exec) and directs the user to install a CLI from a specific GitHub repository (sdyuyouth/page-agent-cli), these requirements are transparently documented and strictly aligned with the skill's stated purpose of browser automation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and used this way, the agent may be able to operate as you on websites where you are already signed in, including account, posting, purchase, or payment flows.
The skill recommends controlling the user's normal browser profile, so the agent can act through existing cookies, extensions, and logged-in accounts rather than a dedicated limited profile.
默认复用用户已有配置:不要加 --user-data-dir,即与日常登录、扩展、Cookie 同一用户数据目录
Use a separate browser profile or temporary user-data-dir for automation whenever possible, and only connect CDP to your normal profile for tasks you explicitly trust and supervise.
The agent can change web pages, submit forms, upload user-selected files, navigate tabs, and run JavaScript in the controlled browser.
The CLI exposes powerful browser-control primitives, including page interaction, file upload, navigation, and JavaScript evaluation. These are expected for this skill's purpose but can have high impact if misapplied.
`click` / `hover` ... `input` / `upload` / `select` ... `eval` / `goto`
Keep critical-action confirmations enabled, review actions before submit/pay/delete/post flows, and avoid granting broad autonomous tasks on sensitive sites.
Your security depends on the authenticity and contents of the external release package you install.
The runnable CLI is not included in the skill and is installed globally from a GitHub Release archive, so the reviewed artifact does not contain the code that will actually run.
只从 GitHub Releases 附件获取 `.tgz` ... `npm install -g ./page-agent-cli-1.8.2.tgz`
Install only from the intended repository release, verify the version and publisher, and prefer checksums or signed releases if available.
Saved local instructions or lessons can shape future browser actions, and may contain task details, selectors, or action history.
The skill intentionally writes local experience, recipes, logs, and lessons for later reuse by the agent.
`elements.md`、`recipes/*.md`、`critical.md`;运行期可维护 `exploration-log.md`、`health.md` ... 保存为 `lessons/*.json`
Review generated `platforms/<site>/` files before reusing them, avoid storing sensitive inputs in recipes or logs, and delete stale or untrusted lessons.