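📦 webcli — Web Automation
v0.2.1
webcli provides headless browser capabilities: it can browse web pages, read content, click buttons, fill in forms, take screenshots, and capture accessibility snapshots. It is suited to automated testing and data collection.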
Last updated: 2026/4/22
Security scan
OpenClaw
Safe
high confidence
The skill's instructions, prerequisites, and capabilities match its stated purpose (headless web automation); nothing requested looks unrelated or disproportionate, though installing a third‑party npm package and using a headless browser carries the usual supply‑chain and privacy risks.
Assessment recommendations
This skill appears internally consistent for headless browser automation. Before installing or running it: (1) review and trust the npm package and its GitHub repo (supply‑chain risk); (2) run the tool in a sandbox or isolated environment if possible; (3) avoid directing the agent to log into or visit pages containing highly sensitive data unless you trust the agent and skill, because cookies/localStorage/session exports could leak credentials; (4) be aware the prerequisites will download browse...
✓ Purpose and capabilities
The name/description (web browsing, clicking, filling forms, screenshots, accessibility snapshots) align with the SKILL.md commands and examples. The prerequisite npm package and Playwright browser install are expected for a CLI headless browser.
ℹ Instruction scope
Instructions focus on web navigation and interaction, which is in‑scope. They also include state/cookie export, localStorage access, file upload, and saving/restoring session.json — these are required for realistic browser automation but can expose site sessions or user files if misused.
ℹ Install mechanism
There is no registry install spec; the SKILL.md tells users to run 'npm install -g @erdinccurebal/webcli' and 'npx playwright install chromium'. Using an npm-scoped package and Playwright is normal for this tool, but it does mean executing third‑party code and downloading browser binaries from the network (supply-chain risk).
ℹ Credential requirements
The skill declares no required environment variables or config paths. However, its functionality (cookies, localStorage, state export, file upload) can capture or persist sensitive data from sites visited; this is functionally necessary but worth noting from a privacy/credential exposure perspective.
✓ Persistence and privileges
The skill does not request always:true, system config changes, or other skills' credentials. It is instruction-only and does not demand persistent platform privileges. Autonomous invocation is enabled by default (normal), so consider agent policies that control which URLs or actions the agent may perform.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v0.2.1 2026/2/23
Update website URL to webcli.erdinc.curebal.dev
● Suspicious
Install command
Official: npx clawhub@latest install webcli
Mirror (accelerated): npx clawhub@latest install webcli --registry https://cn.longxiaskill.com