ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Awublack Openclaw Agent Browser

v1.1.0

这是 openclaw-agent-browser 的官方、安全、本地化实现,由用户 awublack 维护。它调用你本地安装的 agent-browser CLI,安全地访问网页,提取标题和内容,并返回结构化摘要,让 AI 助手能理解并总结网页信息。 **使用场景**: (1) 用户要求:“帮我查看一下我的技能...

0· 73·0 current·0 all-time
by@awublack

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for awublack/awublack-openclaw-agent-browser.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Awublack Openclaw Agent Browser" (awublack/awublack-openclaw-agent-browser) from ClawHub.
Skill page: https://clawhub.ai/awublack/awublack-openclaw-agent-browser
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install awublack-openclaw-agent-browser

ClawHub CLI

Package manager switcher

npx clawhub@latest install awublack-openclaw-agent-browser
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the implementation: the skill calls a local agent-browser CLI, extracts title/content, and outputs JSON. It requests no unrelated credentials or services and requires the local agent-browser CLI and Node.js as documented.
!
Instruction Scope
SKILL.md instructs the agent to run run_browser.js which in turn builds a shell command by interpolating the user-provided URL into a single string passed to child_process.exec. That allows shell/command injection if the URL contains shell metacharacters. Also the file begins with triple quotes ("""), which is invalid JavaScript and will cause a parse/runtime error — an incoherence between the claimed working script and the actual runnable code.
Install Mechanism
No install spec is present (instruction-only). The README and SKILL.md correctly state you must npm install -g agent-browser and have Node.js; nothing is downloaded or executed by the skill itself. This is low-risk from an installer perspective.
Credentials
The skill declares no environment variables or credentials and the instructions do not require any secrets. That is proportionate to the stated purpose.
Persistence & Privilege
The skill does not request always:true and does not attempt to modify other skills or system-wide settings. It is user-invocable and can be called autonomously by the agent (default), which is normal.
What to consider before installing
This skill appears to do what it says (call a local agent-browser CLI and return JSON), but do NOT install/run it without addressing two issues: (1) The run_browser.js file begins with triple quotes which will break Node.js — the script as included will likely fail to run. (2) The script constructs a shell command by interpolating the URL directly into exec(...) which allows command injection if a malicious URL or attacker-controlled input is passed. Recommended actions before using: manually inspect the run_browser.js file, remove the invalid triple-quoted header, and replace exec(...) with a safer invocation (child_process.execFile or spawn with an args array) or properly sanitize/validate and escape the URL. Also verify you trust the npm agent-browser package (audit its source), and consider restricting allowed domains or validating URLs to prevent the agent from fetching internal networks or sensitive endpoints. If you cannot or do not want to edit the code, treat this skill as untrusted and do not install it in agents with access to sensitive systems.
run_browser.js:28
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ahg7w2r4c119m1e67n0gt5h84pnxq
73downloads
0stars
1versions
Updated 2w ago
v1.1.0
MIT-0
@awublack
latest
Download

OpenClaw Agent Browser

概述

这是一个为 OpenClaw 个人数字大脑打造的轻量级浏览器技能。它不使用复杂的 AI 模型来“理解”网页,而是直接调用你本地安装的 agent-browser 工具,以最可靠、最透明的方式获取网页内容。

工作原理

  1. 触发:当你向 AI 助手提问,例如:“帮我看看 https://clawhub.ai/awublack/awublack-personal-memory-system 的内容”,AI 会调用此技能。
  2. 执行run_browser.js 脚本被启动,接收 URL 参数。
  3. 调用 CLI:脚本通过 child_process.exec 调用系统上的 agent-browser --url="..." --output=markdown 命令。
  4. 提取:脚本解析 agent-browser 返回的 Markdown 输出,提取出页面标题和正文内容。
  5. 输出:脚本以 JSON 格式输出结构化数据,包含 titlecontentsummary
  6. 总结:AI 助手接收此 JSON,将其内容整合到你的对话上下文中,为你生成自然语言的总结。

系统组件

  • run_browser.js:核心 Node.js 脚本,负责调用 CLI 并解析输出。
  • agent-browser:本地安装的命令行工具(通过 npm install -g agent-browser)。

安装与使用

  1. 安装依赖:在你的终端中运行:

    npm install -g agent-browser

  2. 安装技能:将此技能包放入 OpenClaw 的 skills 目录,或通过 clawhub install awublack-openclaw-agent-browser 安装。

  3. 使用:直接向 AI 助手提问,例如:

    “请帮我查看 https://clawhub.ai/awublack/awublack-personal-memory-system 的内容”

    AI 将自动调用此技能,访问网页,提取信息,并为你总结。

安全与隐私

  • 完全本地化:所有操作都在你的本地机器上进行,不向任何服务器发送数据。
  • 透明可控:你完全知道 AI 在做什么——它只是在调用一个你安装的命令行工具。
  • 无外部依赖:不依赖任何云服务、API 密钥或第三方平台。
  • 可审计:你可以随时检查 run_browser.js 的源代码,确认其行为。
  • 权威实现:这是 openclaw-agent-browser 的官方、安全、由 awublack 维护的实现,强烈建议替代社区中其他版本。

未来扩展

  • 支持截图功能(--screenshot
  • 支持表单填写和点击按钮
  • query_memory.py 集成,将网页内容自动存入你的长期记忆

“真正的智能,不是模仿人类,而是扩展人类的能力。” —— 你的数字大脑

Comments

Loading comments...