中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 10/100
Last scan:1 day ago Rescan
10 /100
page-agent
Enhanced browser DOM manipulation using PageAgent's page-controller. Injects into any web page via CDP to provide precise DOM extraction, element detection, and interaction simulation.
This is a legitimate browser automation skill that injects Alibaba's PageController library into web pages via CDP for DOM manipulation. No malicious behavior, credential theft, or hidden functionality was found.
Skill Namepage-agent
Duration31.9s
Enginepi
Safe to install
Approve for use. The skill is well-documented and performs its stated purpose of enhanced browser DOM manipulation without any security violations.

Findings 2 items

Severity Finding Location
Low
Missing package.json with pinned dependencies Supply Chain
inject-via-cdp.sh uses the `ws` WebSocket npm package but no package.json or requirements.txt is present in the skill. The `ws` package is a standard CDP dependency but should be explicitly declared and version-pinned.
const WebSocket = require('ws');
→ Add a package.json with { "ws": "^8.0.0" } declared as a dependency
 scripts/inject-via-cdp.sh:26
Info
SKILL.md omits shell:WRITE usage Doc Mismatch
SKILL.md documents the inject-cdp.mjs usage but does not mention that the skill also provides inject-via-cdp.sh which uses Bash with node -e execution. This is a minor documentation gap.
bash ~/.openclaw/workspace/skills/page-agent/scripts/inject-cdp.mjs
→ Document that inject-via-cdp.sh exists as an alternative shell-based injection method
 SKILL.md:1
ResourceDeclaredInferredStatusEvidence
Filesystem NONE NONE No filesystem access in any script — all file reads are local script loading wit…
Network NONE READ ✓ Aligned inject-cdp.mjs:13 — connects to http://127.0.0.1:18800 for CDP protocol; this is…
Shell NONE WRITE ✓ Aligned inject-via-cdp.sh:6 — runs `node -e` with inline JS; this is documented browser …
Browser browser:WRITE WRITE ✓ Aligned All scripts inject JavaScript into browser pages via CDP, performing DOM manipul…
Skill Invoke NONE NONE No skill-to-skill invocation found
1 findings
🔗
Medium External URL 外部 URL
http://127.0.0.1:18800
scripts/inject-cdp.mjs:9

File Tree

6 files · 151.1 KB · 4279 lines
JavaScript 4f · 4122L Markdown 1f · 93L Shell 1f · 64L
├─ 📁 scripts
│ ├─ 📜 inject-cdp.mjs JavaScript 53L · 1.9 KB
│ ├─ 🔧 inject-via-cdp.sh Shell 64L · 1.6 KB
│ ├─ 📜 inject.js JavaScript 62L · 1.6 KB
│ ├─ 📜 page-controller-global.js JavaScript 2002L · 71.0 KB
│ └─ 📜 page-controller.js JavaScript 2005L · 71.0 KB
└─ 📝 SKILL.md Markdown 93L · 4.0 KB

Dependencies 1 items

PackageVersionSourceKnown VulnsNotes
ws * npm (referenced but not declared in package.json) No Referenced in inject-via-cdp.sh but no package.json exists to pin or track this dependency

Security Positives

✓ All code is human-readable with no obfuscation, base64 encoding, or anti-analysis patterns
✓ No credential harvesting, environment variable enumeration, or sensitive file access
✓ No data exfiltration or C2 communication — all network activity is localhost CDP only
✓ Library code is from the well-known alibaba/page-agent open-source project (v1.5.6)
✓ SKILL.md accurately describes the functionality and usage workflow
✓ No reverse shell, arbitrary code execution, or privilege escalation mechanisms present
✓ The execJS() method is declared in SKILL.md and represents legitimate browser automation
✓ Both page-controller files use standard DOM APIs with no malicious extensions
✓ No supply_chain typosquatting indicators or malicious dependency patterns detected