ClawHub

Oc Browser Automation 1.0.0

v1.0.0

浏览器控制工具 - 封装 OpenClaw browser 工具,支持网页自动化、截图、点击输入等操作

0· 134·0 current·0 all-time
by@vlvwlw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description describe a browser automation wrapper; the SKILL.md provides detailed browser actions (open, screenshot, snapshot, click, type, upload, download, tabs, etc.) that are directly consistent with that purpose. No unrelated env vars, binaries, or installs are requested.
Instruction Scope
Runtime instructions remain within browser automation scope (commands to open URLs, take snapshots, interact with elements, manage tabs, upload/download, inspect console/network). They do not instruct reading arbitrary system files or environment variables. However, some operations (console, requests, snapshots, downloads/uploads) will expose page DOM, network traffic and potentially logged-in session data — which is expected for a browser tool but is sensitive in scope.
Install Mechanism
No install spec and no code files are included (instruction-only). This minimizes risk from remote installs or arbitrary code fetches.
Credentials
The skill requests no environment variables or credentials. A noteworthy capability: the 'profile=chrome' / 'target=host' options imply using the user's local browser/profile and therefore access to cookies, sessions, and local files referenced by filePath (uploads/downloads). That access is coherent with browser automation but is sensitive — it is proportionate to the stated function but you should only enable those modes in trusted environments.
Persistence & Privilege
Skill is not always-enabled and uses default model invocation behavior. It does not request persistent agent-wide privileges or modify other skills. No special persistence or elevated platform privileges are declared.
Assessment
This skill appears to do what it says: control a browser and automate interactions. Because it can use your local Chrome/profile and read or write files you point it at (uploads/downloads, snapshots, console/network traces), avoid using it with sensitive accounts or files unless you trust the environment and the agent invoking the skill. If you don't want the skill to access your logged-in sessions, do not use profile=chrome or host targets. Review any commands that supply local file paths or that request full-page snapshots before running them, and avoid sending snapshots or page contents to untrusted destinations.

Like a lobster shell, security has layers — review code before you run it.

latestvk974g6tzhx5wc3mxk80s3kb68d83m88w

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments