技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.4
统计:⭐ 1 · 241 · 1 current installs · 1 all-time installs
⭐ 1
安装量(当前) 1
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:0xpasho/rent-my-browser
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill is coherent with its stated purpose (renting out a browser) but has several concerning behaviors — autonomous frequent polling, persistence of a generated private key and API credentials to disk, and execution of consumer-supplied tasks — that increase risk unless you fully trust the marketplace operator and audit the code.
目的
Name/description match what the code does: it contacts a Rent My Browser API, claims tasks, runs a browser, and reports steps. Declared requirements (curl, jq, node, RMB_API_KEY) map to the scripts. Minor mismatch: Node dependency (viem) is present in package.json/package-lock but there is no install step — the connect script even mentions 'ensure npm install' is run, so the skill expects the host to run npm install manually.
说明范围
SKILL.md instructs the agent to register a cron job that polls an external marketplace every 10s and to execute arbitrary consumer task payloads with the node's browser. Tasks may include consumer-provided data (including credentials) and the agent is asked to interact with remote sites, take screenshots, and post results. A local validator script runs simple regex checks, but validation is limited and could be bypassed; the execution scope th…
安装机制
There is no automated install spec. The skill includes Node code and a package-lock.json (viem and crypto libs) but doesn't provide an install step; scripts warn that 'npm install' must be run. No external archive downloads from untrusted URLs are used; network calls are only to api.rentmybrowser.dev and ipinfo.io. Lack of an automated install step is operationally awkward and should be documented/managed before use.
证书
The primary credential (RMB_API_KEY) is appropriate for a marketplace client, but the skill persists sensitive secrets to disk: it generates an on-chain wallet privateKey and writes it (wallet.json) to both state/ and a persistent folder (default ~/.rent-my-browser) with retention across updates. It also saves API keys and node IDs to the persistent directory. These persistent secrets increase risk if the host or backups are compromised. The s…
持久
The skill registers a cron job (openclaw cron add) running every 10s to autonomously poll and trigger isolated sessions. Although 'always: true' is not set, this frequent autonomous scheduling combined with persistent credentials increases blast radius: the skill can be woken frequently to execute remote-submitted tasks. It does not appear to modify other skills, but it writes persistent state in the user's home directory.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Rent My Browser」。简介:When the agent is idle, connect to the Rent My Browser marketplace and execute …。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/0xpasho/rent-my-browser/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
暂无本地缓存内容,可在后台执行详情同步。