Chrome — DevTools调试

Name: Chrome — DevTools调试
Rating: 1 (13 reviews)
Author: Iván

Iván

Chrome — DevTools调试

v1.0.0

Chrome DevTools协议、扩展Manifest V3和调试模式，防止常见自动化失败。

13· 3,800·40 当前·42 累计

by @ivangdavila (Iván)·MIT-0

开发工具自动化 AI模型访问浏览器自动化

下载技能包

License

MIT-0

最后更新

2026/2/26

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

这是一个仅指令的技能，包含Chrome DevTools协议和Manifest V3的最佳实践说明；不请求凭证、安装或文件系统访问，其需求与其声明的目的匹配。

评估建议

此技能仅提供指令，与其目的一致：提供CDP和Manifest V3最佳实践，不要求凭证或安装。如果您计划将这些指令转换为可运行代码或将此技能与其他可以执行shell命令或进行网络调用的技能组合，请在运行前审查生成的代码。...

详细分析 ▾

✓ 用途与能力

The name/description (CDP, Manifest V3, debugging) align with the SKILL.md content. Nothing in the instructions asks for unrelated capabilities, credentials, or external services.

✓ 指令范围

The SKILL.md contains guidance for using CDP, extension patterns, context detection, and debugging. It does not instruct the agent to read local files, environment variables, secrets, or to transmit data to unexpected endpoints. All guidance is scoped to browser automation and extension development.

✓ 安装机制

There is no install spec or code — the skill is instruction-only, so nothing is written to disk or downloaded. This is the lowest-risk install profile.

✓ 凭证需求

The skill declares no environment variables, credentials, or config paths. The instructions reference only browser globals and CDP endpoints appropriate to the stated purpose.

✓ 持久化与权限

always is false and the skill does not request persistent privileges or modify other skills or system-wide settings. The default ability for the agent to invoke the skill autonomously is normal and not excessive here.

安全有层次，运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发，无需署名。

查看条款 ↗

运行时依赖

无特殊依赖

版本

latestv1.0.02026/2/10

Initial release

● 无害

安装命令点击复制

官方npx clawhub@latest install chrome

镜像加速npx clawhub@latest install chrome --registry https://cn.clawhub-mirror.com

技能文档

Chrome DevTools Protocol (CDP)

Get tab WebSocket URL first: Never connect to ws://localhost:9222/devtools/browser directly. Fetch http://localhost:9222/json/list and use webSocketDebuggerUrl from the active tab.

Enable domains before use: Runtime.enable and Page.enable must be called before any Runtime.evaluate or Page.navigate commands.

CDP is async: Wait for response before sending next command. Use Promise-based wrapper with response ID tracking.

Screenshot on high-DPI: Include fromSurface: true and scale: 2 in Page.captureScreenshot params for Retina displays.

Get response body separately: Network.responseReceived doesn't include body. Call Network.getResponseBody with requestId after response completes.

Chrome Extension Manifest V3

Permissions split: Use permissions for APIs, host_permissions for URLs. Never use http:/// in permissions.

Service workers terminate: No persistent state. Use chrome.storage.local instead of global variables. Use chrome.alarms instead of setInterval.

Content script isolation: Can't access page globals. Use chrome.scripting.executeScript with func for page context. Use window.postMessage for content↔page communication.

Storage is async: chrome.storage.local.get() returns Promise, not data. Always await. Handle QUOTA_EXCEEDED errors.

Context Detection

Detect actual Chrome (not Edge/Brave): Check window.chrome && navigator.vendor === "Google Inc." and exclude Opera/Edge.

Extension context types:

chrome.runtime.id exists → content script
chrome.runtime.getManifest exists → popup/background/options
chrome.loadTimes exists but no runtime → regular Chrome web page

Manifest version check: Wrap chrome.runtime.getManifest() in try-catch. Use chrome.action for V3, chrome.browserAction for V2.

Performance Debugging

Memory API conditional: Check 'memory' in performance before accessing performance.memory.usedJSHeapSize.

Use performance marks: performance.mark() and performance.measure() for sub-frame timing. Clear marks to prevent memory leaks.

Layout thrash detection: PerformanceObserver with entryTypes: ['measure', 'paint', 'largest-contentful-paint']. Flag entries >16.67ms.

Network Debugging

Block before navigate: Call Network.setBlockedURLs before Page.navigate, not after.

Request interception: Use Network.setRequestInterception with requestStage: 'Request' for granular control. Return errorReason: 'BlockedByClient' to block.

Security Contexts

Mixed content: HTTPS pages can't load HTTP resources. Check location.protocol vs resource URL.

CORS errors: TypeError on cross-origin fetch usually means CORS. Check DevTools Network tab for specific error.

Secure context required: File System Access API, Clipboard API require window.isSecureContext === true and user gesture.

Chrome DevTools Protocol (CDP)

Get tab WebSocket URL first: Never connect to ws://localhost:9222/devtools/browser directly. Fetch http://localhost:9222/json/list and use webSocketDebuggerUrl from the active tab.

Enable domains before use: Runtime.enable and Page.enable must be called before any Runtime.evaluate or Page.navigate commands.

CDP is async: Wait for response before sending next command. Use Promise-based wrapper with response ID tracking.

Screenshot on high-DPI: Include fromSurface: true and scale: 2 in Page.captureScreenshot params for Retina displays.

Get response body separately: Network.responseReceived doesn't include body. Call Network.getResponseBody with requestId after response completes.

Chrome Extension Manifest V3

Permissions split: Use permissions for APIs, host_permissions for URLs. Never use http:/// in permissions.

Service workers terminate: No persistent state. Use chrome.storage.local instead of global variables. Use chrome.alarms instead of setInterval.

Content script isolation: Can't access page globals. Use chrome.scripting.executeScript with func for page context. Use window.postMessage for content↔page communication.

Storage is async: chrome.storage.local.get() returns Promise, not data. Always await. Handle QUOTA_EXCEEDED errors.

Context Detection

Detect actual Chrome (not Edge/Brave): Check window.chrome && navigator.vendor === "Google Inc." and exclude Opera/Edge.

Extension context types:

chrome.runtime.id exists → content script
chrome.runtime.getManifest exists → popup/background/options
chrome.loadTimes exists but no runtime → regular Chrome web page

Manifest version check: Wrap chrome.runtime.getManifest() in try-catch. Use chrome.action for V3, chrome.browserAction for V2.

Performance Debugging

Memory API conditional: Check 'memory' in performance before accessing performance.memory.usedJSHeapSize.

Use performance marks: performance.mark() and performance.measure() for sub-frame timing. Clear marks to prevent memory leaks.

Layout thrash detection: PerformanceObserver with entryTypes: ['measure', 'paint', 'largest-contentful-paint']. Flag entries >16.67ms.

Network Debugging

Block before navigate: Call Network.setBlockedURLs before Page.navigate, not after.

Request interception: Use Network.setRequestInterception with requestStage: 'Request' for granular control. Return errorReason: 'BlockedByClient' to block.

Security Contexts

Mixed content: HTTPS pages can't load HTTP resources. Check location.protocol vs resource URL.

CORS errors: TypeError on cross-origin fetch usually means CORS. Check DevTools Network tab for specific error.

Secure context required: File System Access API, Clipboard API require window.isSecureContext === true and user gesture.

数据来源：ClawHub ↗ · 中文优化：龙虾技能库

OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险，如需更匹配、更安全的方案，建议联系付费定制

了解定制服务

License

运行时依赖

版本

安装命令 点击复制

技能文档

Chrome DevTools Protocol (CDP)

Chrome Extension Manifest V3

Context Detection

Performance Debugging

Network Debugging

Security Contexts

Chrome DevTools Protocol (CDP)

Chrome Extension Manifest V3

Context Detection

Performance Debugging

Network Debugging

Security Contexts

安装命令点击复制