Web Freedom Toolkit — Utilities
v8.0.0 and DrissionPage (D-Mode) for undetectab...
Security scan
OpenClaw
Suspicious
Medium confidence. The skill's code broadly matches its stated goal (server-side anti‑bot / stealth browsing) but contains high‑privilege capabilities, undeclared gates/credentials, and metadata mismatches that do not add up and warrant caution.
Assessment and recommendations
This package appears to implement advanced, high‑privilege tooling for bypassing anti‑bot protections (CDP takeovers, driver injection, local tunnel forwarding). That capability can be legitimate for research but is risky. Before installing or running: 1) Verify whether the registry actually enforces disable-model-invocation (SKILL.md/_meta.json claim disable-model-invocation:true but registry flags here show false). If autonomous invocation is permitted, assume the agent could run high‑privileg...
ℹ Purpose and capabilities
The name/description (web-bypass, stealth browsing) aligns with included scripts: scrapling, curl_cffi, DrissionPage usage, and utilities for CDP takeovers and tunneling. However multiple included scripts provide low-level driver injection, CDP Runtime.evaluate execution, and a socket relay — features that are high‑privilege and go beyond simple 'fetch' helpers. These advanced capabilities can be coherent for the stated goal but are disproportionate for a lightweight 'fetch' helper and should be explicitly justified.
⚠ Instruction scope
SKILL.md instructs running the unified engine (freedom_engine.py) which is expected, but bundled code references/executes high‑scope actions: raw CDP takeover (force_takeover.py / force injection), direct BrowserDriver injection (nuclear_option.py), creation of local relays and Unix auth sockets, and opening of HTTP CDP endpoints on localhost. Several scripts expect interactive gating or token files; those gating mechanisms are fragile or not enforced by the declared runtime instructions. The agent instructions do not declare or warn about these local privileged operations.
✓ Install mechanism
No remote installers or downloads are used; dependencies are Python packages listed in requirements.txt and SKILL.md. There is no download-from-URL or extract step in the manifest. This reduces supply‑chain risk compared to remote binary pulls.
⚠ Credential requirements
Manifest/metadata declare no required env vars, yet code expects external signals and secrets not declared: SOTA_NUCLEAR_CONFIRMED env var (nuclear_option.py), a lock file at ~/.openclaw/tmp/sota_active.lock (sota_security.py), and a memory Unix socket /tmp/.sota_auth.sock used for UDS handshakes. Those are control/authorization mechanisms but are not described in SKILL.md or manifest. The number and sensitivity of implicit controls is high relative to the declared 'no env vars' policy.
⚠ Persistence and privileges
The package does not request 'always: true' (good), and SKILL.md/_meta.json include disable-model-invocation: true (which would prevent autonomous invocation). However the registry-level flags reported at the top of this evaluation show disable-model-invocation:false — a metadata mismatch. The code can create local relays/tunnels and spawn subprocesses that run for up to an hour; while scripts include self‑destruct/timeouts, these capabilities increase the blast radius if the skill is invoked — particularly if autonomous invocation is allowed. The metadata inconsistency about model invocation is an important red flag.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest · v8.0.0 · 2026/3/15
MAJOR EVOLUTION: Rebranded to Web Freedom Toolkit. Integrated the Scrapling engine for self-healing stealth fetches. Unified S-Mode, CFFI-Mode, and D-Mode into a single offensive strategy (v8.0.0).
● Suspicious
Install command
Official: npx clawhub@latest install web-freedom-toolkit
Mirror: npx clawhub@latest install web-freedom-toolkit --registry https://cn.clawhub-mirror.com
Data source: ClawHub · Chinese localization: 龙虾技能库