4.6 KiB
crawler-reverse
中文 | English
一个适用于 OpenClaw 风格技能仓库 的可复用技能包,用于在合法授权前提下进行网页抓包分析、前端 JS 混淆排查、请求签名定位、反爬链路梳理,以及浏览器辅助逆向分析。
这个技能能做什么
当你需要下面这些能力时,可以使用 crawler-reverse:
- 分析页面请求链路
- 查找
sign、token、timestamp、nonce或自定义 Header 的生成位置 - 比较浏览器请求与脚本请求差异
- 排查与请求相关的前端 JS 混淆逻辑
- 分析 Cookie / localStorage / sessionStorage / Header 依赖
- 复现一个已观察到的请求流程,并输出最小验证脚本
安全边界
这个技能仅用于合法授权、正当测试、自有系统调试、教学演示或明确获准的分析场景。
不应用于:
- 未授权访问
- 绕过登录、权限、付费墙、验证码或限流
- 撞库、账号滥用
- 未经授权的大规模采集
- 为攻击性滥用提供规避安全控制方案
如果授权范围不明确,应该先确认再继续。
仓库内容
SKILL.md— 技能主说明skill.json— 基础元数据,可用于索引/注册examples/example.md— 示例提示词与使用方式LICENSE— MIT 许可证
推荐用法
典型分析流程:
- 在浏览器中复现用户操作
- 观察 XHR / fetch / websocket / document 请求
- 识别动态参数
- 追踪这些参数的生成位置
- 对比浏览器请求与脚本请求
- 产出最小验证脚本
推荐配套工具
这个技能适合与以下工具配合使用:
- 浏览器自动化 / 浏览器检查工具
- 本地文件读取工具
- shell / grep / ripgrep
- 小型 Python / JavaScript 验证脚本
安装方式
将该目录复制到你的 OpenClaw 兼容 skills 目录,或根据你的 OpenClaw 配置将该 GitHub 仓库作为自定义技能来源引入。
技能摘要
- 名称: crawler-reverse
- 分类: web-analysis / reverse-engineering / debugging
- 主要输出: 请求链路分析、参数来源说明、安全复现步骤
说明
这个仓库目前采用通用 GitHub skill 仓库布局生成,后续如果需要适配某个 OpenClaw 技能注册中心或特定格式,可以再进一步调整。
English
A reusable OpenClaw-style skill package for authorized web traffic analysis, JS deobfuscation support, request-signature tracing, anti-bot workflow inspection, and browser-assisted reverse engineering.
What this skill is for
Use crawler-reverse when you need to:
- inspect a page's request chain
- locate where
sign,token,timestamp,nonce, or custom headers are generated - compare browser requests with script requests
- analyze obfuscated frontend JS related to requests
- understand cookie / localStorage / sessionStorage / header dependencies
- reproduce an observed request flow with a minimal script
Safety boundary
This skill is intended only for authorized, defensive, educational, self-owned, or explicitly permitted analysis.
It must not be used for:
- unauthorized access
- bypassing authentication, paywalls, permissions, captchas, or rate limits
- credential stuffing / account abuse
- large-scale scraping in violation of authorization
- evasion of security controls for abusive purposes
If authorization is unclear, ask first.
Package contents
SKILL.md— full skill instructionsskill.json— basic metadata for registry/indexingexamples/example.md— example invocation patternsLICENSE— MIT
Suggested usage
Typical workflow:
- Reproduce the user action in a browser
- Observe XHR / fetch / websocket / document requests
- Identify dynamic parameters
- Trace where they are generated
- Compare browser and script requests
- Produce a minimal validation script
Recommended tools
This skill is designed to pair well with tools such as:
- browser automation / browser inspection tools
- local file readers
- shell / grep / ripgrep
- small Python or JavaScript validation scripts
Install
Copy this folder into your OpenClaw-compatible skills directory, or add it as a GitHub-hosted custom skill source depending on your OpenClaw setup.
Skill summary
- Name: crawler-reverse
- Category: web-analysis / reverse-engineering / debugging
- Primary output: request-chain analysis, parameter-origin explanation, safe reproduction steps
Publishing note
This package was generated in a generic GitHub skill-repo layout so it can be adapted to a specific OpenClaw registry format later if needed.