Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Automation Helper

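Browser automation assistant. Uses Chrome's remote debugging mode to automate web page operations, including data scraping, form filling, content publishing, and screenshots.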

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 126 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description and _meta.json advertise broad automation features (scraping, form filling, content posting, screenshots, Playwright integration, scheduling). The only shipped runtime code (scripts/cdp-helper.js) merely calls http://localhost:9222/json/version, parses the response, and prints the webSocketDebuggerUrl — it does not perform navigation, scraping, form submission, screenshots, or any Playwright actions. This mismatch between claimed capabilities and actual code is disproportionate and unexplained.
Instruction Scope
SKILL.md instructs the user to start Chrome with --remote-debugging-port=9222 and run the included Node script. Those instructions stay within the stated domain (connecting to Chrome debug protocol). The instructions do not ask the agent to read unrelated files, environment variables, or transmit data externally. However, the SKILL.md implies more advanced runtime behavior that is not present in the code.
Install Mechanism
No install spec (instruction-only plus one small script). Nothing is downloaded or written by an installer. This low-install footprint reduces supply-chain risk. The script expects Node.js to be available, consistent with the instructions.
Credentials
The skill requests no environment variables or credentials, which is proportional. Caveat: Chrome remote debugging itself can expose full browser control and access to session data if the port is reachable by other hosts. While this skill only queries localhost, running Chrome with remote debugging enabled can be risky if the port is exposed to networks — that operational risk is separate from environment-variable misuse.
Persistence & Privilege
The skill is not always-enabled and has no special persistence or privileges. It does not modify other skills or system-wide settings. Autonomous invocation is allowed by default but is not elevated here and should be considered normal.
What to consider before installing
This package is not malicious, but it is inconsistent: it advertises full browser automation (Playwright, scraping, screenshots) while the only shipped code merely discovers the Chrome debug WebSocket URL and prints it. Before installing or using: (1) ask the publisher for the complete implementation or a changelog explaining why advertised features are missing; (2) inspect any future or updated code that implements automation, because browser automation can be used to exfiltrate data if a skill issues CDP commands; (3) when testing, run Chrome with a disposable profile and ensure --remote-debugging-port is bound to localhost only (do not expose it to networks); (4) prefer a version that includes explicit dependencies and code implementing claimed features (or remove the skill if the mismatch is unacceptable). If you need real automation, request or verify an implementation that performs navigation/actions and lists required dependencies (e.g., Playwright) so you can review those files too.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latest vk97emvejqyk30mfxrn8fbbmbx583b9ak

SKILL.md

Web Automation Helper - Browser Automation Assistant

Quick Start

# 1. Start Chrome with remote debugging
chrome.exe --remote-debugging-port=9222

# 2. Run the example
cd scripts
node cdp-helper.js --url https://example.com

Directory Structure

web-automation-helper/
├── SKILL.md
├── README.md
├── scripts/
│   └── cdp-helper.js

Main Features

  • Web page screenshots
  • Data scraping
  • Form filling

Files

4 total