技能详情(站内镜像,无评论)
作者:Anonymous @adminlove520
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.0
统计:⭐ 0 · 250 · 4 current installs · 4 all-time installs
⭐ 0
安装量(当前) 4
🛡 VirusTotal :可疑 · OpenClaw :可疑
Package:adminlove520/chrome-cdp
安全扫描(ClawHub)
- VirusTotal :可疑
- OpenClaw :可疑
OpenClaw 评估
The skill's purpose (accessing open Chrome tabs) is plausible, but the packaged code is incomplete (it execs a scripts/cdp.mjs that isn't included and SKILL.md instructs you to git-clone an external repo) and the code uses unescaped shell execution (execSync with joined args), creating a real command-injection and supply-chain risk.
目的
Name/description match the code's intent (control Chrome via CDP). However index.js expects a helper script at scripts/cdp.mjs that is not present in the package; SKILL.md instructs users to git clone https://github.com/pasky/chrome-cdp-skill to obtain missing files. Requiring an external repo at runtime (not bundled) is an inconsistency and forces fetching and running unvetted code to make the skill functional.
说明范围
SKILL.md's runtime instructions are focused on enabling remote debugging and running the included scripts, which is within scope. But index.js runs child processes via execSync by building a single shell string (cmd.join(' ')) from user-supplied arguments (targetId, selectors, expressions). This is a command-injection risk: specially crafted inputs could execute arbitrary shell commands. The skill also promises access to logged-in pages (sensi…
安装机制
There is no formal install spec in the package; SKILL.md directs users to git-clone a GitHub repo to obtain required scripts. Fetching additional code from GitHub is common but still a supply-chain step that should be audited. The packaged index.js alone is insufficient to function, so the user must pull external code before use.
证书
The skill does not request environment variables or credentials, which is proportionate. However, its legitimate functionality requires access to the user's running Chrome and will read the contents of logged-in pages (Gmail, GitHub, etc.), which is inherently sensitive — users should consider whether exposing those pages to an agent is acceptable.
持久
The skill is not marked always:true and does not request system-wide config changes or persistent privileges. It does execute commands locally but does not itself claim to persist or modify other skills.
index.js:33
Shell command execution detected (child_process).
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「chrome-cdp」。简介:通过Chrome远程调试协议访问已打开的Chrome标签页,支持读取登录状态页面及与真实页面交互操作。。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/adminlove520/chrome-cdp/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
# chrome-cdp-skill
> 让AI agent访问你已打开的Chrome标签页
## 简介
chrome-cdp-skill 通过Chrome远程调试协议(CDP)连接你已经在用的Chrome会话,让AI可以:
- 读取已登录账户的页面(Gmail、GitHub等)
- 与你正在工作的标签页交互
- 查看真实页面状态(非重新加载的干净状态)
## 安装
### 前提条件
- Chrome浏览器
- Node.js 22+
### 启用Chrome远程调试
1. 在Chrome地址栏输入:`chrome://inspect/#remote-debugging`
2. 打开"启用远程调试"开关
### 安装Skill
```bash
# 克隆仓库
git clone https://github.com/pasky/chrome-cdp-skill.git
cd chrome-cdp-skill
# 或复制 skills/chrome-cdp/ 目录到你的agent skills目录
```
## 使用方法
### 基本命令
```bash
# 列出打开的标签页
node scripts/cdp.mjs list
# 截图
node scripts/cdp.mjs shot <targetId>
# 获取可访问性树
node scripts/cdp.mjs snap <targetId>
# 获取HTML
node scripts/cdp.mjs html <targetId> [".selector"]
# 点击元素
node scripts/cdp.mjs click <targetId> "selector"
# 输入文字
node scripts/cdp.mjs type <targetId> "text"
# 导航
node scripts/cdp.mjs nav <targetId> https://...
# 评估JavaScript
node scripts/cdp.mjs eval <targetId> "expression"
# 网络资源计时
node scripts/cdp.mjs net <targetId>
# 加载更多(点击"加载更多"直到消失)
node scripts/cdp.mjs loadall <targetId> "selector"
```
### 获取targetId
首先运行 `list` 命令获取标签页的targetId:
```bash
$ node scripts/cdp.mjs list
TargetID Title URL
--------- ----- ---
abc123def Gmail - Google Account https://mail.google.com/...
def456ghi GitHub https://github.com/...
```
然后用targetId前缀操作:
```bash
node scripts/cdp.mjs snap abc
node scripts/cdp.mjs click abc "#compose"
node scripts/cdp.mjs type abc "Hello World"
```
## 与OpenClaw集成
### 方法1:直接调用脚本
在OpenClaw中通过exec调用:
```bash
node /path/to/chrome-cdp-skill/scripts/cdp.mjs list
```
### 方法2:创建MCP服务器
可以将其封装为MCP服务器供OpenClaw调用。
### 方法3:创建OpenClaw Skill
参考 `skills/chrome-cdp/index.js` 创建完整Skill。
## 优势对比
| 特性 | chrome-cdp | Puppeteer类工具 |
|------|------------|----------------|
| 浏览器 | 已有Chrome | 新启动浏览器 |
| 登录状态 | 保持 | 需重新登录 |
| 页面状态 | 真实状态 | 干净状态 |
| 标签页数量 | 100+不卡 | 容易超时 |
| 依赖 | 仅Node.js | Puppeteer+浏览器 |
## 注意事项
1. 首次访问标签页时,Chrome会弹出"允许调试"确认框
2. 守护进程20分钟无活动自动退出
3. 目标ID只需唯一前缀即可匹配
## 参考
- GitHub: https://github.com/pasky/chrome-cdp-skill
- 作者: pasky
- Stars: 1000+