← 返回 Skills 市场
422
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install playwright-browser
功能描述
Use Playwright to browse websites with a real (non-headless) browser and extract data by hooking network responses. Use when the user wants to: - View a webs...
安全使用建议
This skill contains legitimate Playwright browser automation code, but also includes example scripts that will read from and write to your home/Desktop without that being declared. Before installing or running: 1) Review or remove scripts you don't trust (notably intercept_sina_images.py and parse_attendance.py). intercept_sina_images.py will save images to ~/Desktop/sina; parse_attendance.py will read ~/Desktop/考勤 and write an Excel file — run these only on a non-sensitive machine or in a sandbox. 2) Expect Playwright to download browser binaries when you run 'playwright install chromium'. 3) Ask the publisher why an attendance parser (parse_attendance.py) is bundled with a browser-scraping skill; this looks unrelated. 4) If you must run it, run a targeted script (browser_agent.py) rather than running all included examples, and inspect any script that performs filesystem operations. 5) If you need higher assurance, run the code in an isolated VM or container and restrict its filesystem access.
功能分析
Type: OpenClaw Skill
Name: playwright-browser
Version: 1.0.0
The skill bundle provides browser automation via Playwright but contains several significant security vulnerabilities and risky configurations. Specifically, `scripts/browser_agent.py` is vulnerable to JavaScript injection because it uses unsanitized string interpolation within `page.evaluate()` calls (e.g., in `find_links_by_text`, `search_page_content`, and `focus_on_element`). Furthermore, the browser is launched with flags that explicitly disable critical Chromium security features, such as `--disable-features=IsolateOrigins,site-per-process`, which weakens the browser's sandbox. While the included utility scripts for scraping Sina and 12306 appear to serve their stated purpose, the underlying implementation flaws pose a risk if the agent navigates to untrusted or attacker-controlled websites.
能力评估
Purpose & Capability
The SKILL.md describes non-headless Playwright browsing and network hooking, which matches browser_agent.py and the 12306/test scripts. However, the bundle also contains scripts that read user files and write to the user's Desktop (intercept_sina_images.py saves images to ~/Desktop/sina; parse_attendance.py reads ~/Desktop/考勤 and writes an Excel file). parse_attendance.py is unrelated to the stated browsing purpose. Those file-access behaviors are not declared in the skill metadata and are disproportionate to the described capability.
Instruction Scope
SKILL.md instructs installing Playwright and using the SyncBrowserAgent APIs; it does not warn that example scripts will read from or write to the user's home/Desktop. The code registers network response handlers and some example scripts automatically save binary responses to disk and read local directories — actions outside the SKILL.md's advertised scope and not restricted or highlighted in the runtime instructions.
Install Mechanism
No install spec in registry; SKILL.md instructs pip install playwright and playwright install chromium (standard for Playwright). There are no obscure URL downloads in the bundle. The Playwright browser installation will download browser binaries (expected).
Credentials
The skill declares no required environment variables or config paths, yet multiple scripts access the local filesystem under the user's home directory (e.g., SAVE_DIR = ~/Desktop/sina and INPUT_DIR = ~/Desktop/考勤). This file I/O is not reflected in metadata and can expose or modify user data without an explicit declared permission or prompt.
Persistence & Privilege
The skill is not always-enabled and does not request elevation or modify other skills' configs. It runs code only when invoked; there is no declared persistent/auto-install behavior in the manifest.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install playwright-browser - 安装完成后,直接呼叫该 Skill 的名称或使用
/playwright-browser触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of playwright-browser skill.
- Launches a real (non-headless) Chrome/Chromium browser to navigate and interact with websites.
- Can scrape rendered DOM content and extract data from JavaScript-heavy or SPA sites.
- Hooks network responses, allowing capture of XHR/Fetch API calls.
- Supports finding and clicking links, as well as searching for keywords within web pages.
- Provides examples and safety guidelines for secure use.
元数据
常见问题
playwright-browser 是什么?
Use Playwright to browse websites with a real (non-headless) browser and extract data by hooking network responses. Use when the user wants to: - View a webs... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 422 次。
如何安装 playwright-browser?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install playwright-browser」即可一键安装,无需额外配置。
playwright-browser 是免费的吗?
是的,playwright-browser 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
playwright-browser 支持哪些平台?
playwright-browser 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 playwright-browser?
由 elijahxb(@elijahxb)开发并维护,当前版本 v1.0.0。
推荐 Skills