Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cdp Browser

CDP browser control at localhost:9222. Use when you need to inspect tabs, take screenshots, navigate, scroll, post to X, or run JS in a persistent browser se...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 589 · 3 current installs · 3 all-time installs
by gostlight @gostlightai
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill claims to control a browser via CDP on localhost:9222 and to be able to inspect tabs, screenshot, navigate, scroll, run limited queries, and optionally post to X. The included files (cdp.js, pw.js, helper scripts) and the Playwright dependency align with that purpose. The Telegram confirm flow and a workspace config file are reasonable additions given the described UX.
Instruction Scope
SKILL.md instructs the agent to run CLI scripts from the skill directory, write/read a pending-tweet file under the OpenClaw workspace, and (optionally) send a Telegram message via the OpenClaw CLI. These actions are in-scope for a browser-control + confirm-post feature. The agent will read/write files in ~/.openclaw/workspace(.cdp-browser) and may call openclaw message send; both are documented and required for the Telegram flow.
Install Mechanism
There is no formal install spec in the registry metadata (instruction-only), but package.json and package-lock.json declare a Playwright dependency. The README suggests running npm install. Playwright is a standard npm package (registry), but it is heavy and can download browser binaries during installation — this is expected for a Playwright-based tool but is a practical operational consideration.
Credentials
The skill declares no required env vars or credentials. The code does use OPENCLAW_WORKSPACE (optional) and falls back to HOME/USERPROFILE to locate the workspace for saving pending state; this is proportional to the documented feature. It does not request unrelated secrets or credentials. Control over a local CDP endpoint (localhost:9222) is powerful but matches the skill's purpose.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It writes only to its own workspace subdirectory for pending tweets and does not modify other skills' configs. Autonomous invocation is allowed (platform default) but not unusual for this skill type.
Assessment
This skill appears to do what it says: control a local Chromium instance over CDP and optionally assist with posting to X using a Telegram confirm flow. Before installing, note:

  • You will need Chromium running with --remote-debugging-port=9222 and likely to run npm install in the skill dir (Playwright dependency), which may download browser binaries.
  • The skill can control pages in that browser (navigate, screenshot, fill and click); keep the CDP endpoint local and protected because it grants full browser control.
  • If you enable the Telegram confirm button, you must copy the example config into your OpenClaw workspace; the skill will write a pending-tweet file there and use openclaw message send to post the inline button. Review .cdp-browser.json and the pending-tweet file location to ensure they meet your privacy requirements.
  • Review the code (pw.js, cdp.js, and scripts/send-tweet-confirm.sh) to confirm the exact selectors and flows match your expectations, and be aware screenshots or page queries may capture sensitive content.

If you want higher assurance, run npm install in an isolated environment first and inspect what Playwright downloads, and test with an unprivileged local browser profile.


Current version: v2.0.1
latestvk97estkxy3yg3ebxftckzhcjr581yf60


SKILL.md

cdp-browser

CLI for Chrome/Chromium at localhost:9222. Inspect tabs, take screenshots, navigate, scroll, post to X, or run JS in a persistent browser session.

Repo: https://github.com/gostlightai/cdp-browser

Prerequisites: Chromium running with --remote-debugging-port=9222. Either Docker Compose or a local Chrome with remote debugging enabled works.

Commands

Run from the skill dir (bin/ scripts):

Command                              Description
status                               List all tabs (JSON from CDP)
tabs                                 Same as status
new <url>                            Open new tab
goto <tabId> <url>                   Navigate tab to URL
snapshot <tabId>                     Full-page screenshot (PNG)
close-popup <tabId>                  Dismiss dialogs/modals
scroll <tabId> <px|sel> [down|up]    Scroll by pixels or selector
query <tabId> getUrl                 Return current page URL
query <tabId> getText [selector]     Return element text (or body)
query <tabId> getHtml [selector]     Return element HTML (or body)
tweet-draft <tabId> "text"           Fill compose box only; does NOT post
tweet-post <tabId> --confirm "text"  Post tweet (requires --confirm as second arg)
tweet <tabId> "text"                 Alias for tweet-draft (fills compose only)

Tweet flow

  • tweet-draft (default): Fills the compose box; user reviews in browser and posts manually.
  • tweet-post: Requires --confirm as second arg (strict). Use when user explicitly approves ("go ahead", "post it", or Telegram confirm button).
  • Optional Telegram confirm: When tweet.confirmButton is enabled in config, the agent can run tweet-draft --save-pending to write pending state, then send a message with an inline "Confirm Post" button. On confirm, the agent runs tweet-post --confirm.

Config (required for Telegram confirm button)

The Telegram "Confirm Post" button only works if config exists. Copy the example and place it in your workspace:

# From the skill dir (e.g. ~/.openclaw/workspace/skills/cdp-browser):
cp .cdp-browser.json.example ~/.openclaw/workspace/.cdp-browser.json

Location: ~/.openclaw/workspace/.cdp-browser.json (or $OPENCLAW_WORKSPACE/.cdp-browser.json)

Key                  Default  Description
tweet.confirmButton  false    When true, agent sends draft with inline "Confirm Post" button in Telegram. User clicks to approve or says "go ahead".

Without this config, the agent uses plain tweet-draft (no button); user confirms via text only.

Telegram confirm button (agent instructions)

When tweet.confirmButton is true (config present) and you are in a Telegram session:

  1. Draft: Run tweet-draft --save-pending <tabId> "text" from the skill dir. This fills the compose box and writes ~/.openclaw/workspace/.cdp-browser/pending-tweet.json.
  2. Send with button: Run from the skill dir:
    ./scripts/send-tweet-confirm.sh <chat_id> "<tweet_text>"
    
    Or use openclaw message send directly with --buttons '[[{"text":"Confirm Post","callback_data":"cdp:tweet:confirm"}]]'. Use the current session's reply target as <chat_id>.
  3. On confirm: When the user clicks the button, OpenClaw delivers callback_data: cdp:tweet:confirm. Or the user says "go ahead"/"post it". Treat either as approval. Then:
    • Read ~/.openclaw/workspace/.cdp-browser/pending-tweet.json for text and tabId
    • Run tweet-post <tabId> --confirm "<text>"
    • Edit or delete the message with the button (optional)
    • Delete the pending file
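
Step 3 of the flow above, sketched as an added example that is not code from the cdp-browser repo: it gates on the exact callback_data, validates the pending file, and returns the tweet-post arguments as an array so the tweet text never passes through a shell. The pending-file schema (tabId and text as strings), the tabId character pattern, the function names, and deleting the pending file before returning (so a replayed callback finds nothing) are assumptions of this example.

```javascript
// Added example; not code from the cdp-browser repo.
// Assumed schema for pending-tweet.json: {"tabId": "<string>", "text": "<string>"}.
const fs = require('fs');
const os = require('os');
const path = require('path');

const CONFIRM_CALLBACK = 'cdp:tweet:confirm'; // callback_data named in SKILL.md

// Parse and validate the pending file, then build the tweet-post arguments.
// An argv array (for execFile/spawn without a shell) keeps quotes, backticks
// or $() in the tweet text from being interpreted by a shell.
function buildTweetPostArgs(pendingPath) {
  const { tabId, text } = JSON.parse(fs.readFileSync(pendingPath, 'utf8')) || {};
  // Assumed pattern: alphanumeric id that cannot be mistaken for an option.
  if (typeof tabId !== 'string' || !/^[A-Za-z0-9][A-Za-z0-9_-]*$/.test(tabId)) {
    throw new Error('pending file: tabId missing or malformed');
  }
  if (typeof text !== 'string' || text.trim() === '') {
    throw new Error('pending file: text missing or empty');
  }
  // SKILL.md usage: tweet-post <tabId> --confirm "text"
  return ['tweet-post', tabId, '--confirm', text];
}

// Gate on the button payload only; free-text approval ("go ahead") is left
// to the agent. The pending file is single-use: it is deleted once read.
function handleCallback(callbackData, pendingPath) {
  if (callbackData !== CONFIRM_CALLBACK) return null;
  if (!fs.existsSync(pendingPath)) return null; // nothing pending, or a replay
  const args = buildTweetPostArgs(pendingPath);
  fs.unlinkSync(pendingPath);
  return args;
}

// Constructed sample: a pending file whose text contains shell metacharacters.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'cdp-pending-'));
  const file = path.join(dir, 'pending-tweet.json');
  const sample = { tabId: 'A1B2C3', text: 'Release "2.0" is out $(date)' };
  fs.writeFileSync(file, JSON.stringify(sample));
  const ignored = handleCallback('cdp:tweet:cancel', file); // not an approval
  const first = handleCallback(CONFIRM_CALLBACK, file);     // approved once
  const replay = handleCallback(CONFIRM_CALLBACK, file);    // already consumed
  return { ignored, first, replay };
}

console.log(demo());
```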

Scripts

  • cdp.js — Fetch-only wrapper for CDP HTTP API (/json, /json/list, /json/new); no shell.
  • pw.js — Playwright connect to browser; runs snapshot/goto/scroll/query/tweet-draft/tweet-post. Compose launcher: SideNav_NewTweet_Button, /compose/post, Post only (avoids reply buttons). Post button: tweetButton, tweetButtonInline.

Security

See SECURITY.md for mitigations and operational notes.

Files

10 total