osm-ai-bridge
Warn
Audited by ClawScan on May 18, 2026.
Overview
The skill’s browser-AI bridge is disclosed, but it uses stealth CDP automation and can access logged-in browser storage without tight scoping.
Install only if you are comfortable letting the skill control a browser session. Use a dedicated browser profile and AI accounts, do not connect it to your normal logged-in browser, avoid entering secrets, and consider official AI APIs instead of stealth web automation.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill connects to a real browser profile, it can inspect session-related browser storage beyond just sending a prompt to Doubao or Gemini.
The code reads cookies for the connected browser context and LocalStorage from the current page without passing a domain filter, and this happens before Ask mode navigates to the intended AI site.
`cookies = await self.context.cookies() ... localStorage.getItem(key)`
Use only a dedicated browser profile/account for this skill, avoid connecting it to a normal logged-in browser, and remove or tightly scope the storage-reading code.
If the CDP browser has a different tab open first, the skill could type and submit content into the wrong website or account context.
Discuss mode controls the first page in the first CDP context and submits text to the first textarea without checking that the page is Doubao or another intended AI service.
`page = browser.contexts[0].pages[0] ... await textarea.fill(prompt) ... await textarea.press("Enter")`
Require an explicit target URL/domain check before typing, and prefer a dedicated browser context opened directly to the intended AI service.
Pages opened in that context can have their browser environment modified to mask automation, which may violate service expectations and makes the automation less transparent.
The skill injects JavaScript into the browser context to hide automation signals and simulate browser properties.
`await self.context.add_init_script(""" ... Object.defineProperty(navigator, 'webdriver', { get: () => undefined }); ... """)`
Avoid anti-detection scripts unless the user explicitly accepts that behavior; prefer official APIs or transparent automation in a dedicated profile.
A dedicated browser profile may keep login state after use, and the debug browser should not be treated like an ordinary private session.
The skill can automatically start Edge with a persistent debug profile and a local debugging port. This is disclosed, but the profile can retain sessions.
`debug_profile = CONFIG_DIR / "edge_debug_profile" ... "--remote-debugging-port=9222", f"--user-data-dir={debug_profile}"`
Close the debug browser after use and delete ~/.openclaw/ai_bridge/edge_debug_profile if you no longer want the saved session.
Users may install whatever versions are current at install time, which can affect reliability and supply-chain exposure.
The skill relies on manually installed, unpinned Python packages and has no install spec; this is purpose-aligned for Playwright automation but leaves dependency provenance to the user.
Requires Playwright: `pip install playwright aiohttp`
Install dependencies in a virtual environment and pin reviewed versions where possible.
Sensitive prompt text may remain on disk in the skill’s log file.
The skill writes part of the user’s question to its persistent log file under ~/.openclaw/ai_bridge.
`logger.info(f"开始Ask流程 - AI: {self.ai_name}, 问题: {question[:50]}...")`
Avoid sending secrets in prompts and periodically review or delete ~/.openclaw/ai_bridge/ai_bridge.log.
