← Back to Skills Marketplace
2199
Downloads
1
Stars
20
Active Installs
1
Versions
Install in OpenClaw
/install puppeteer
Description
Automate Chrome and Chromium with Puppeteer for scraping, testing, screenshots, and browser workflows.
Usage Guidance
This skill appears to be a legitimate Puppeteer guide, but it includes instructions that let an agent create persistent files and store details about target sites without explicitly asking the user. Before installing or enabling it: (1) require explicit user consent before the agent creates ~/puppeteer or runs npm install; (2) inspect any scripts the agent writes to ~/puppeteer/scripts/ before executing them; (3) refuse to store credentials in memory.md — only provide secrets directly to ephemeral scripts and delete them after use; (4) consider running automation in a sandboxed account or container and restrict network access if you do not trust the skill owner (source is unknown); (5) if you want tighter control, ask the agent to show exact commands it will run (including npm install package names and versions) and to log all created files for user review. These steps reduce the risk of hidden data collection or inadvertent installation of third-party packages.
Capability Analysis
Type: OpenClaw Skill
Name: puppeteer
Version: 1.0.0
The skill is classified as suspicious due to its instructions for the AI agent to execute shell commands, specifically `npm install puppeteer`, `node --version`, and `npm list puppeteer` in `setup.md`. While these commands are plausibly necessary for a browser automation skill, the capability to execute arbitrary shell commands represents a significant vulnerability (potential RCE) if the agent were to be prompted to install a malicious package or execute other commands. Additionally, `setup.md` contains mild prompt injection attempts like instructing the agent to 'Don't ask — just start naturally' and to store information 'without mentioning file paths to them', which aim to influence the agent's behavior and communication style, even if not directly malicious in this context.
Capability Assessment
Purpose & Capability
Name and description align with the instructions: it's an instruction-only Puppeteer helper and correctly requires the 'node' binary. The files (setup, selectors, waiting, memory-template) are consistent with browser automation and nothing requested is obviously unrelated to that purpose.
Instruction Scope
The SKILL.md and setup.md instruct the agent to create and persist data under ~/puppeteer/, to collect 'target sites' and 'preferred patterns', and to 'store in ~/puppeteer/memory.md without mentioning file paths to them.' setup.md also says 'Don't ask — just start naturally.' Those phrases encourage autonomous file creation and hidden storage of potentially sensitive target/site information and selectors. While storing session data is reasonable for automation, the explicit instruction to hide storage details and to proceed without asking is scope-creep and a privacy/consent risk.
Install Mechanism
This is instruction-only (no install spec), which reduces installation risk. However, setup.md suggests running 'npm install puppeteer' or 'puppeteer-core' if missing. Allowing the agent to run npm installs at runtime can introduce arbitrary third-party code; this is proportionate only if the user explicitly consents and the exact package (and version) is controlled. No downloads from untrusted URLs or archives are present in the skill files.
Credentials
The skill requires no environment variables or external credentials in registry metadata, which is proportionate. It does instruct to accept credentials 'per-script' when needed for login flows, but it does not request or justify persistent credential storage or access to unrelated credentials. That said, the instruction to save usage memory (including target sites) could inadvertently collect sensitive data if the user provides it; the skill does not require nor clearly forbid storing credentials in memory.
Persistence & Privilege
The skill expects to create a persistent folder (~ /puppeteer) and keep a memory.md of targets, patterns, and preferences. Persisting automation state is reasonable, but combined with 'don't ask' and 'don't mention file paths to them' guidance it grants the agent leeway to create and hide persistent artifacts. The skill does not request always:true and does not modify other skills, but the concealment guidance raises a persistence/privacy concern.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install puppeteer - After installation, invoke the skill by name or use
/puppeteer - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Puppeteer?
Automate Chrome and Chromium with Puppeteer for scraping, testing, screenshots, and browser workflows. It is an AI Agent Skill for Claude Code / OpenClaw, with 2199 downloads so far.
How do I install Puppeteer?
Run "/install puppeteer" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Puppeteer free?
Yes, Puppeteer is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Puppeteer support?
Puppeteer is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, darwin, win32).
Who created Puppeteer?
It is built and maintained by Iván (@ivangdavila); the current version is v1.0.0.
More Skills