← Back to Skills Marketplace
踩坑 1:外层
153
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install chrome-control-proxy
Description
宿主机 chrome-control-proxy 服务调用指南。通过 HTTP 控制 Chrome 生命周期与 Playwright(page-dom 快照、run 脚本)。适用于 OpenClaw 在容器内访问 host.docker.internal:3333 或宿主机直接访问 127.0.0.1:3333。...
README (SKILL.md)
chrome-control-proxy 服务(OpenClaw)
前置条件
- 宿主机已安装 Node ≥ 18,并全局安装服务包:
npm install -g chrome-control-proxy。 - 服务已启动:宿主机执行
ccp start,默认http://127.0.0.1:3333。 - 自动化前通常需 Chrome 已带远程调试:
POST /browser/start(或你手动用--remote-debugging-port=9222启动)。 - 容器内将主机换为
host.docker.internal:3333(Linux Docker 可能需配置extra_hosts)。
推荐调用顺序(自动化任务)
GET /health→ 确认 HTTP 服务可用;browser.running为 false 时先POST /browser/start。GET /playwright/status→ 确认 CDP 可连(失败则检查 Chrome 是否在CHROME_PORT监听)。- 需要页面结构时:
POST /playwright/page-dom,优先传selector与playwrightSnapshotMode: "compact"。 - 只执行动作:
POST /playwright/run;动作前后都要拿快照时优先用POST /playwright/pipeline。
page-dom、pipeline 与 run 在服务端 串行队列,不要假设并行请求能同时操作同一标签页。
POST /playwright/page-dom
用于把页面信息交给模型生成脚本,优先用 Playwright 专用快照减 token。
建议 body:
url:要打开的地址(可选;不传则对当前target对应标签页快照)。waitUntil:如domcontentloaded、networkidle、load。页面分析优先domcontentloaded。timeout:导航超时毫秒数。target:first|last|new。includeHtml: false:不需要整页 HTML 时务必关闭。includePlaywrightSnapshot: true:返回playwright.targets[],每项含tag、name、placeholder、suggestedLocator等,便于写page.locator/getByRole。playwrightSnapshotMode: "compact":只保留精简的targets[]字段,更适合高频分析链路。selector:只截取某子树(如主内容区)。includeInnerText/includeAccessibility:按需。
响应中 playwright 过大可能被截断,注意 playwrightTruncated。
POST /playwright/pipeline
用于一次请求完成以下任意组合:
- 外层导航到目标页
beforePageDom:执行前快照script:执行脚本afterPageDom:执行后快照
适合“点击后还要继续分析页面状态”的链路,避免额外再调一次 page-dom。
POST /playwright/run
Body 中 script 为字符串,内容是 async 函数体(不是完整 async function(){ } 包裹),可:
await page.goto(...)await page.locator(...).click()return { ok: true, ... }把结果回传给 HTTP JSON。
注入变量:page、context、browser(与当前 CDP 浏览器一致)。
踩坑 1:外层 url 与脚本内导航
若请求 body 里带了 url,服务会 先对该 URL 执行 goto,再执行脚本。
- 登出再登入、先清 Cookie 再打开登录页:请 不要 在外层传
url,只在脚本里写await page.context().clearCookies()、localStorage.clear()、sessionStorage.clear()后再goto业务站。否则会出现「先跳进已登录态页面,再清 Cookie」的顺序错误。
踩坑 2:会话与多步 OAuth
统一登录常跳转到独立域名(如 OAuth)。多步流程(账号 → 租户)可用 多次 run,且 target 保持一致(如 first),除非有意新开标签页用 new。
踩坑 3:便捷登录 / 确认框
若出现「便捷登录」等 Element Plus / Dialog,优先点 主按钮:如 .el-message-box__btns .el-button--primary、.el-dialog__footer .el-button--primary,或 getByRole('button', { name: /确认|确定|继续/ })。
仅在 input[name="account"] 等元素可见 时再填账号密码验证码,避免「不必等输密码」的场景下仍机械填表。
踩坑 4:UI 退出登录
不要直接点隐藏菜单里的「退出登录」节点(可能被首页层遮挡)。优先 clearCookies + 存储清理 或先展开用户下拉再点退出。
踩坑 5:超时
大页面或慢网络:增大 timeout(导航)与 scriptTimeout(脚本总执行时间,受 PLAYWRIGHT_RUN_DEFAULT_MS 等影响)。
踩坑 6:安全
脚本在沙箱中执行,不要对公网暴露 本服务;勿向不可信方开放 /playwright/run。
与浏览器控制接口的关系
| 能力 | 路径 |
|---|---|
| 启停 Chrome | POST /browser/start、stop、restart |
| 健康检查 | GET /health、GET /browser/status |
| Playwright | GET /playwright/status、POST /playwright/page-dom、POST /playwright/pipeline、POST /playwright/run |
停止 Chrome 会断开 Playwright 的 CDP 连接;再次自动化前需重新 browser/start 并确保 Playwright 能连上。
CLI 备忘(宿主机)
全局安装包后可用 ccp start|stop|restart|status 管理 HTTP 进程,详见项目 README.md。
Usage Guidance
This skill is an instruction-only guide for calling a host-local HTTP service that controls Chrome/Playwright. It is internally consistent, but before installing or using it consider: (1) The proxy can execute arbitrary Playwright scripts you send to /playwright/run — treat it like a remote code execution endpoint for browser actions. Only allow trusted agents or add authentication/firewalling to the service and avoid exposing it to the public Internet. (2) The SKILL.md asks the host operator to install an npm package (so Node is required on the host); the skill itself will not perform that installation automatically. (3) If you run this in a container, ensure host.docker.internal is configured correctly and that the proxy cannot reach sensitive internal services you don't want automated code to access. (4) Prefer running the upstream package from the official project/repo (the README/homepage is provided) and verify you trust that code before installing it on a host that holds sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: chrome-control-proxy
Version: 1.0.2
The skill bundle describes a proxy service for browser automation that includes a high-risk endpoint, `/playwright/run`, which executes arbitrary JavaScript strings as asynchronous functions. While this functionality is aligned with the stated purpose of controlling Chrome via Playwright, the ability to execute unvalidated code on the host (via the Node.js service) poses a significant Remote Code Execution (RCE) risk. The `SKILL.md` file explicitly warns against exposing the service to untrusted parties, acknowledging the inherent security dangers of the tool's design.
Capability Tags
Capability Assessment
Purpose & Capability
The skill's name/description, SKILL.md, and declared requirement of the 'node' binary are consistent: the documentation tells a human to install the npm package (chrome-control-proxy) on the host (which requires Node). However, the skill itself is instruction-only (no code) and does not need Node to merely call the HTTP endpoints; the declared 'node' requirement is targeted at the host-side setup rather than the agent runtime. This is plausible but worth noting so users understand why 'node' appears in requirements.
Instruction Scope
The SKILL.md stays on-scope: it documents only HTTP endpoints (health, browser start/stop, Playwright page-dom/pipeline/run) and gives caller-side sequencing caveats. It does not instruct reading unrelated files or environment variables. Important caveat: /playwright/run accepts arbitrary async script bodies (with injected page/context/browser), so clients can cause the controlled browser to navigate, access network endpoints, or interact with local resources — this is an intended capability of the proxy but is a sensitive power and the docs rightly warn not to expose the service to untrusted callers.
Install Mechanism
There is no install spec in the skill bundle (instruction-only), which is the lowest install risk. The SKILL.md recommends a global npm install on the host (npm install -g chrome-control-proxy); that is an instruction for the host operator, not an automatic install performed by the skill. No downloads or archive extracts are performed by the skill itself.
Credentials
The skill declares no environment variables or credentials and the runtime instructions do not request secrets. This is proportionate to a local HTTP control proxy. There are no unexplained credential requests.
Persistence & Privilege
The skill is not flagged 'always:true' and uses the platform default (agent-invocable/autonomous invocation allowed). It does not request persistent system-level configuration or access to other skills' credentials. Autonomous invocation is standard for skills; combine with the previous note about script execution when deciding trust level.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install chrome-control-proxy - After installation, invoke the skill by name or use
/chrome-control-proxy - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- Added documentation for the new /playwright/pipeline endpoint, supporting chained actions and snapshots in a single request.
- Recommended using the compact Playwright snapshot mode ("playwrightSnapshotMode: 'compact'") for high-frequency analysis scenarios in /playwright/page-dom.
- Updated suggested parameter usage for /playwright/page-dom and described preferred snapshot and selector options.
- Recommended /playwright/pipeline over sequential /page-dom and /run when both pre- and post-action page analysis are needed.
- Expanded and clarified the relation table for Playwright endpoints, now including /playwright/pipeline.
v1.0.1
- 增加对 Linux 和 Windows 操作系统的支持说明(原仅列出 macOS)。
- 移除快速 CLI 安装指导和二进制依赖 ccp 的特殊说明,依赖项简化为 node。
- 版本号从 1.0.0 升级至 1.0.1。
- 其他文档内容与接口用法保持不变。
v1.0.0
chrome-control-proxy 1.0.0 initial release
- Provides HTTP APIs to control Chrome’s lifecycle and automate tasks via Playwright.
- Supports both host and container access (host.docker.internal:3333 or 127.0.0.1:3333).
- Includes endpoints for health checks, Chrome/process status, page structure snapshot, and script execution.
- Offers best practices and detailed usage notes to avoid common Playwright and request sequence issues.
- CLI (ccp) included for starting, stopping, and managing the service.
Metadata
Frequently Asked Questions
What is Chrome Control Proxy?
宿主机 chrome-control-proxy 服务调用指南。通过 HTTP 控制 Chrome 生命周期与 Playwright(page-dom 快照、run 脚本)。适用于 OpenClaw 在容器内访问 host.docker.internal:3333 或宿主机直接访问 127.0.0.1:3333。... It is an AI Agent Skill for Claude Code / OpenClaw, with 153 downloads so far.
How do I install Chrome Control Proxy?
Run "/install chrome-control-proxy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Chrome Control Proxy free?
Yes, Chrome Control Proxy is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Chrome Control Proxy support?
Chrome Control Proxy is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux, windows).
Who created Chrome Control Proxy?
It is built and maintained by KiKi (@zhengxiangqi); the current version is v1.0.2.
More Skills