← 返回 Skills 市场
590
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install browser-playwright-bridge
功能描述
Run Playwright scripts that reuse OpenClaw browser's login state via CDP with automatic lock-based conflict prevention.
使用说明 (SKILL.md)
Browser ↔ Playwright Bridge
OpenClaw's browser tool and external Playwright scripts cannot share the same CDP connection simultaneously. This skill provides a lock-based bridge: stop OpenClaw browser → run Playwright with the same Chrome profile (cookies/login intact) → release for OpenClaw to reconnect.
Architecture
Chrome (CDP port) ← shared user-data-dir (~/.openclaw/browser/openclaw/user-data)
↕ mutually exclusive
┌──────────────┐ ┌──────────────────┐
│ OpenClaw │ OR │ Playwright script │
│ browser tool │ │ (zero token cost) │
└──────────────┘ └──────────────────┘
↕ managed by browser-lock.sh
Setup
- Install Playwright in the workspace (once):
cd \x3Cworkspace> && npm install playwright
Note:
npx playwright installis NOT needed. Playwright connects to the existing Chrome via CDP — no local browser download required.
- Copy
scripts/browser-lock.shto your workspacescripts/directory:
chmod +x scripts/browser-lock.sh
Discovering the CDP Port
The CDP port is dynamically assigned. Never hardcode it. Use discoverCdpUrl() (see below) or the shell equivalent in browser-lock.sh.
Shell one-liner:
ps aux | grep 'remote-debugging-port=' | grep -v grep | grep -o 'remote-debugging-port=[0-9]*' | head -1 | cut -d= -f2
Verify CDP is responding:
curl -s --max-time 1 http://127.0.0.1:\x3Cport>/json/version
Usage
Run a Playwright script (recommended)
./scripts/browser-lock.sh run scripts/my-task.js [args...]
./scripts/browser-lock.sh run --timeout 120 scripts/my-task.js # custom timeout
Default timeout: 300s. If the script exceeds it, the watchdog kills it and releases the lock.
This automatically: checks lock → stops OpenClaw browser → starts Chrome with CDP → runs script → cleans up → releases lock.
Manual acquire/release
./scripts/browser-lock.sh acquire # stop OpenClaw browser, start Chrome
node scripts/my-task.js # run script(s)
./scripts/browser-lock.sh release # kill Chrome, release lock
Check status
./scripts/browser-lock.sh status
Writing Playwright Scripts
Use scripts/playwright-template.js as starting point.
CDP Discovery Helper
All scripts should use discoverCdpUrl() instead of hardcoding a port:
const { execSync } = require('child_process');
/**
* Discover the CDP URL by inspecting Chrome process args.
* Falls back to CDP_PORT env var, then probes common ports.
*/
function discoverCdpUrl() {
// Method 1: extract from running Chrome process
try {
const ps = execSync(
"ps aux | grep 'remote-debugging-port=' | grep -v grep",
{ encoding: 'utf8', timeout: 3000 }
);
const match = ps.match(/remote-debugging-port=(\d+)/);
if (match) return `http://127.0.0.1:${match[1]}`;
} catch {}
// Method 2: CDP_PORT env var
if (process.env.CDP_PORT) {
return `http://127.0.0.1:${process.env.CDP_PORT}`;
}
// Method 3: probe common ports
// 18800 is the typical OpenClaw default; others are common CDP conventions
const { execSync: probe } = require('child_process');
for (const port of [18800, 9222, 9229]) {
try {
probe(`curl -s --max-time 1 http://127.0.0.1:${port}/json/version`, {
encoding: 'utf8', timeout: 2000
});
return `http://127.0.0.1:${port}`;
} catch {}
}
throw new Error('CDP port not found. Is Chrome running with --remote-debugging-port?');
}
Script Pattern
const { chromium } = require('playwright');
async function main() {
let browser;
try {
browser = await chromium.connectOverCDP(discoverCdpUrl());
} catch (e) {
console.error('❌ Cannot connect to Chrome CDP:', e.message);
console.error(' Ensure browser-lock.sh acquire was called, or Chrome is running with --remote-debugging-port');
process.exit(1);
}
const context = browser.contexts()[0]; // reuse existing context (cookies!)
const page = await context.newPage();
try {
// ====== Your automation here ======
await page.goto('https://example.com');
console.log('Title:', await page.title());
// ==================================
} catch (e) {
console.error('❌ Script error:', e.message);
throw e;
} finally {
await page.close(); // close only your tab
// NEVER call browser.close() — it kills the entire Chrome
}
}
main().then(() => process.exit(0)).catch(e => {
console.error('❌', e.message);
process.exit(1);
});
Critical rules:
browser.contexts()[0]— reuse the existing context to inherit cookies/loginpage.close()only — neverbrowser.close()- Always
process.exit(0)on success — Playwright keeps event loops alive otherwise - Wrap
connectOverCDPin try-catch — fail fast with a clear message
Workflow: Explore → Record → Replay
- Explore — Use OpenClaw browser tool (snapshot/act) to figure out a new workflow
- Record — Ask the agent to convert the steps into a Playwright script
- Replay — Run via
browser-lock.sh run— zero token cost, deterministic
Cron / Scheduled Tasks
In cron tasks, call browser-lock.sh directly:
cd /path/to/workspace && ./scripts/browser-lock.sh run scripts/publish-task.js
The lock file (/tmp/openclaw-browser.lock) prevents concurrent browser access. If a lock is stale (owner process dead), it auto-recovers.
Troubleshooting
| Problem | Fix |
|---|---|
Lock held by PID xxx |
./scripts/browser-lock.sh release to force-release |
| Playwright connectOverCDP timeout | Ensure OpenClaw browser is stopped first (acquire does this) |
CDP port not found |
Chrome isn't running; call browser-lock.sh acquire first |
openclaw browser stop doesn't kill Chrome |
Known issue; browser-lock.sh kills the process directly |
| Script hangs after completion | Add process.exit(0) at the end |
| Login expired | Use OpenClaw browser tool to re-login, then run scripts again |
Environment Variables
| Var | Default | Description |
|---|---|---|
CDP_PORT |
auto-discover | Override CDP port (skips process detection) |
CHROME_BIN |
auto-detect | Path to Chrome/Chromium binary |
HEADLESS |
auto | Set true/1 to force headless; false/0 to force headed. Auto-detects on Linux without DISPLAY |
安全使用建议
This skill appears to do what it claims — manage a mutex and let Playwright reuse OpenClaw's Chrome profile — but it performs intrusive local operations. Before installing or using it: (1) review and understand the scripts (browser-lock.sh will kill processes and start Chrome with your OpenClaw profile); (2) do not run untrusted Playwright scripts under this bridge because they will inherit your browser cookies/sessions and can act as you in logged-in sites; (3) consider making a disposable copy of the user-data directory or using a separate profile for automation to limit exposure; (4) test in a non-production environment first to ensure the CDP discovery/kill logic doesn't terminate unrelated Chrome instances on your machine; (5) if you need stricter isolation, prefer running Playwright with a separate profile or a dedicated browser instance rather than reusing OpenClaw's profile.
功能分析
Type: OpenClaw Skill
Name: browser-playwright-bridge
Version: 1.1.0
The `scripts/browser-lock.sh` script contains critical shell injection vulnerabilities. The `CDP_PORT` environment variable, if controlled by an attacker, can lead to arbitrary command execution when used in `curl` commands (e.g., `curl ... "http://127.0.0.1:$CDP_PORT/json/version"`). Similarly, the `CHROME_BIN` environment variable, if controlled by an attacker, can lead to arbitrary command execution when the script attempts to execute the Chrome binary (e.g., `"$CHROME_BIN" ...`). These environment variables are explicitly documented as configurable in `SKILL.md`, making them direct attack vectors. While these are severe vulnerabilities allowing RCE, there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or stealth) within the provided files, aligning with a 'suspicious' classification rather than 'malicious'.
能力评估
Purpose & Capability
Name/description claim: share OpenClaw browser state with Playwright via CDP and avoid conflicts. Files and instructions implement exactly that: lock file management, CDP discovery, stopping/starting Chrome with the OpenClaw user-data-dir, and a Playwright template that connects over CDP. Required resources and declared metadata are proportionate to the stated purpose.
Instruction Scope
SKILL.md and the scripts instruct the agent/user to stop the OpenClaw browser, start a standalone Chrome with the same user-data-dir, run a Playwright script, and release the lock. These actions are consistent with the purpose but are intrusive: they read/write the OpenClaw user-data directory, probe local CDP ports, and kill Chrome processes matching the CDP port. The instructions do not access remote endpoints beyond localhost; they do run local process/port discovery and process termination which is within scope but has safety implications.
Install Mechanism
No install spec; the skill is instruction + two scripts. That is low-risk from an install perspective (nothing is automatically downloaded or written to the system by the registry). Playwright must be installed by the workspace operator (npm install playwright) — no hidden installers or external download URLs in the skill itself.
Credentials
The skill declares no required environment variables and uses optional envs (CDP_PORT, CHROME_BIN, HEADLESS). That matches its behavior: the scripts honor those env vars but do not require unrelated credentials or secrets. No external tokens/keys are requested.
Persistence & Privilege
The skill does not request always:true and does not persist configuration into other skills. However, it writes lock and PID files to /tmp and starts/kills Chrome processes while pointing Chrome at the user's OpenClaw user-data-dir (~/.openclaw/browser/openclaw/user-data). That grants scripts run under this bridge access to any cookies/session state stored in that profile — an intended feature but a meaningful privilege that warrants caution.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install browser-playwright-bridge - 安装完成后,直接呼叫该 Skill 的名称或使用
/browser-playwright-bridge触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
Lock PID fix, timeout watchdog, headless support, README
v1.0.0
Initial release: lock-based CDP bridge between OpenClaw browser and Playwright scripts
元数据
常见问题
Browser Playwright Bridge 是什么?
Run Playwright scripts that reuse OpenClaw browser's login state via CDP with automatic lock-based conflict prevention. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 590 次。
如何安装 Browser Playwright Bridge?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install browser-playwright-bridge」即可一键安装,无需额外配置。
Browser Playwright Bridge 是免费的吗?
是的,Browser Playwright Bridge 完全免费(开源免费),可自由下载、安装和使用。
Browser Playwright Bridge 支持哪些平台?
Browser Playwright Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Browser Playwright Bridge?
由 Sway Liu(@swaylq)开发并维护,当前版本 v1.1.0。
推荐 Skills