← 返回 Skills 市场
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install patchright-skill
功能描述
Patchright-based browser automation with bot detection bypass. Use when Claude needs to interact with local web applications, test localhost/dev servers, tak...
安全使用建议
This skill does what it says (local browser automation) but includes powerful features that can access internal sites and run arbitrary JavaScript in page contexts. Before installing: 1) Review and trust the 'patchright' package source (pip index / upstream project). 2) Audit the scripts (especially server.py and any use of evaluate) — if you don't need arbitrary JS execution, remove or restrict the 'evaluate' tool. 3) Run the skill in an isolated environment (VM/container) if you'll use it against sensitive hosts. 4) Never use it with real/production credentials or pages with sensitive data unless you understand and accept the risk. 5) If you plan to hand control to an autonomous agent, explicitly limit which hosts/origins the agent may visit and consider disabling persistent server mode unless strictly necessary.
功能分析
Type: OpenClaw Skill
Name: patchright-skill
Version: 1.0.0
The skill provides browser automation with bot-detection bypass using the 'patchright' library and implements a background server (scripts/server.py) on port 9222 to maintain persistent sessions. It includes a high-risk 'evaluate' tool that allows the execution of arbitrary JavaScript within the browser, which is notably omitted from the primary tool reference in SKILL.md but documented in reference.md and used in several Google scraping scripts (scripts/google_search.py). While the stated intent is for QA and local development testing, the combination of a persistent background process, arbitrary JS execution, and bot-bypass capabilities creates a significant attack surface for data extraction or unauthorized interaction with local network services.
能力标签
能力评估
Purpose & Capability
Name/description match the code: scripts launch a Chromium browser (via 'patchright'), navigate to URLs, click, type, take screenshots, and include Google-search utilities. Requiring no environment variables or external binaries is consistent for a purely local automation skill. However, the advertised 'bot detection bypass' (undetected Playwright fork) materially broadens the skill's capability beyond ordinary QA tooling and increases abuse potential.
Instruction Scope
SKILL.md instructs users to run a background server and then drive it with JSON 'call' commands. The server exposes an 'evaluate' tool that executes arbitrary JavaScript in the page context and returns results — this lets the agent read any DOM content on pages it can reach (including internal/private sites) and return it to the caller. The docs also explicitly encourage navigating to private IP ranges/localhost and typing credentials in tests. Those instructions are functionally correct for automation, but they give the agent broad discretion to collect sensitive data from internal services.
Install Mechanism
There is no automated remote install step in the registry entry; the package is instruction-only and ships local Python scripts. A requirements.txt lists 'patchright>=0.0.1' which is a pip dependency — no arbitrary URL downloads, installers, or archive extraction are present in the provided files. This lowers supply-chain concerns but you must still trust the 'patchright' package source before installing it.
Credentials
The skill requires no declared environment variables or external credentials, which aligns with its stated local automation purpose. However, the skill's workflows (filling forms, typing passwords, and evaluating page JS) can be used to capture user-entered secrets or internal tokens if misused. The skill does not itself request credentials, but it provides mechanisms to collect them from pages.
Persistence & Privilege
The skill instructs users to run scripts/server.py as a background server that keeps a persistent browser session (PID file, listening on 127.0.0.1:9222). While not 'always:true', this persistent local service gives an installed skill long-lived access to the host's network via the browser context. Combined with the 'evaluate' capability and support for private IP ranges, this persistence increases the blast radius if the agent or skill is misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install patchright-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/patchright-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Patchright-skill 1.0.0 – initial release
- Enables Patchright-based browser automation focused on localhost, dev servers, and private networks.
- Supports session-persistent automation via a background server (scripts/server.py).
- Provides tools for navigation, screenshots, clicking, typing, waiting for elements, retrieving page info, and more.
- Ideal for QA, E2E testing, frontend/debug verification, and UI automation on development/local environments.
- Includes detailed usage instructions, trigger examples, and troubleshooting guidance.
元数据
常见问题
Patchright Skill 是什么?
Patchright-based browser automation with bot detection bypass. Use when Claude needs to interact with local web applications, test localhost/dev servers, tak... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 Patchright Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install patchright-skill」即可一键安装,无需额外配置。
Patchright Skill 是免费的吗?
是的,Patchright Skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Patchright Skill 支持哪些平台?
Patchright Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Patchright Skill?
由 smallnest(@smallnest)开发并维护,当前版本 v1.0.0。
推荐 Skills