Browser Automation Core
v1.0.0Core browser automation library for OpenClaw agents. Provides reusable navigation, interaction, and capture capabilities for both Facet (Onshape learning) an...
⭐ 0· 5·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the provided Python code: multiple implementations use CDP WebSocket and/or the openclaw CLI to navigate pages, capture screenshots, and manage sessions. The examples (Facet, Ace) and library files implement the advertised navigation/interaction/capture features and reference the local CDP endpoint (localhost:18800), which is consistent with a reusable browser automation core.
Instruction Scope
SKILL.md instructs the agent and user to connect to a local CDP/WebSocket, copy the skill into an OpenClaw workspace path, and set local environment variables (CDP_URL, CDP_WEBSOCKET, BROWSER_*). Those steps are reasonable for this functionality. Notes: SKILL.md contains example login usage (Onshape) and example PII-like data in examples; the README suggests writing config into the agent's skills config (expected). The instructions do not direct data to third‑party endpoints beyond the local CDP, nor do they request unrelated files, but they do reference /root/.openclaw paths which assume privilege to write there.
Install Mechanism
No install spec is provided (instruction-only install), so nothing is downloaded or executed during install. The skill bundle includes Python source files; that is consistent with no installer. This is a low-risk install model, but because source is 'unknown' origin the user should verify provenance before placing files in system paths.
Credentials
SKILL.md documents environment variables (CDP endpoints, BROWSER_* settings, screenshot/session dirs) that are appropriate for a browser automation library. However, the registry metadata lists no required env vars — a mild mismatch. There are no demanded external API keys or unrelated credentials. Example files show an example email/password and other example PII — these are illustrative only but should be cleaned before production.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It suggests writing screenshots, temp files, and optionally adding its config under the agent's skills config (normal). It will invoke subprocesses (openclaw CLI) and open local WebSocket connections to localhost:18800 — expected for its purpose.
Assessment
This skill appears to be what it says: a local browser automation core that talks to an OpenClaw browser/CDP on localhost and uses the openclaw CLI in some implementations. Before installing: 1) Verify the skill's provenance since Source/Homepage are unknown. 2) Only run it in an environment where the OpenClaw browser/CDP at localhost:18800 is trusted and not publicly reachable (the code connects to localhost and writes screenshots/temp files). 3) Note SKILL.md documents environment variables but the registry metadata lists none — confirm necessary env vars (cdp URLs, screenshot/session dirs) are set correctly. 4) Remove or replace example PII/credentials in example code before reuse. 5) Review subprocess usage (calls to 'openclaw' CLI) if your environment restricts command execution. If you need higher assurance, run the code in a sandboxed agent or inspect/validate the Python files locally before copying them into your OpenClaw workspace.Like a lobster shell, security has layers — review code before you run it.
latestvk975r5s2xf7b4dgnakhps690t184ky20
License
MIT-0
Free to use, modify, and redistribute. No attribution required.