← 返回 Skills 市场
487
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install playwright-controller
功能描述
Browse webpages using Playwright with automatic loading wait, screenshots, and text extraction. Use playwright:fetch or playwright:screenshot commands. API:...
安全使用建议
Do not install blindly. The core functionality matches its description, but there are red flags you should address first: (1) playwright-cmd.js contains a hard-coded absolute require to the developer's local path — this is unexpected and could cause the skill to try to load files from the host filesystem if that path exists; it should require the bundled module with a relative path (e.g. './playwright-crawler-v3.js'). (2) The SKILL.md/README and code disagree about headless defaults and resource interception — ask the author to clarify and fix so behaviour is predictable. (3) Playwright/Chromium are heavy dependencies and will download browsers; ensure you run this in a sandboxed environment and that you trust the code. Recommended actions before using: review/patch the require path, run the code in an isolated VM or container, verify package.json dependency installation is intentional, and confirm the author updates the docs to match the actual code. If the developer cannot or will not fix the absolute path and documentation inconsistencies, treat the skill as unsafe to run in a non-sandboxed environment.
功能分析
Type: OpenClaw Skill
Name: playwright-controller
Version: 1.0.0
The skill is classified as suspicious due to several critical vulnerabilities, not malicious intent. The `playwright-cmd.js` file uses an absolute path (`/Users/chenkuan/...`) for a required module, which is a severe path traversal/injection vulnerability and will break the skill in most environments. Additionally, the `playwright-crawler-v3.js` module explicitly forces the Playwright browser into 'headed' (visible) mode (`headless: false`), which is an information disclosure risk if the agent processes sensitive data in a visible environment. The skill also allows arbitrary file writes to a user-specified directory (`--dir`), posing a risk for overwriting sensitive system files or achieving persistence if exploited. These flaws are vulnerabilities that could be leveraged for attacks, rather than direct evidence of malicious design.
能力评估
Purpose & Capability
Name/description match the included code: the JavaScript implements page loading, screenshots and text extraction via Playwright. The package.json dependency on Playwright is consistent with the stated purpose.
Instruction Scope
playwright-cmd.js requires an absolute path (/Users/chenkuan/.openclaw/.../playwright-crawler-v3.js) instead of the local module — this attempts to load code from the developer's home directory on the host if present, which is unexpected and potentially accesses files outside the skill bundle. The SKILL.md/README also contain contradictory statements about resource interception and headless defaults vs. what the code actually does (the crawler hardcodes headful launches regardless of option), indicating sloppy or inconsistent runtime instructions.
Install Mechanism
There is no install spec (instruction-only), but the bundle includes package.json with a Playwright dependency. That means Playwright/Chromium are required but not guaranteed to be installed by the platform — this is a usability concern (and large dependency) rather than direct maliciousness. The absolute require path is more concerning for runtime behavior than the lack of install steps.
Credentials
The skill requests no environment variables or credentials. It only reads/writes local files (screenshot/text output) which is appropriate for its stated purpose. No secret-exfiltration patterns or external API keys are requested.
Persistence & Privilege
Flags show no always:true; the skill does not request elevated agent privileges. It writes files to user-configurable directories (./screenshots or custom dir) — expected for a scraper tool, but be aware it creates files on disk.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install playwright-controller - 安装完成后,直接呼叫该 Skill 的名称或使用
/playwright-controller触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of playwright-controller.
- Browse webpages using Playwright with automatic loading wait, screenshots, and text extraction.
- Supports both full page and specific element screenshots with text extraction.
- Mobile simulation by default: iPhone viewport and user-agent, visible (headed) browser mode.
- CLI commands: playwright:fetch (full page), playwright:fetch-element (specific selector).
- Customizable options: timeout, output directory, headless mode.
- Outputs both screenshot (PNG) and extracted text for each request; error handling saves screenshots even on failure.
- Node.js API: fetchWithPlaywright and fetchElementAndScreenshot for programmatic use.
元数据
常见问题
playwright-controller 是什么?
Browse webpages using Playwright with automatic loading wait, screenshots, and text extraction. Use playwright:fetch or playwright:screenshot commands. API:... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 487 次。
如何安装 playwright-controller?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install playwright-controller」即可一键安装,无需额外配置。
playwright-controller 是免费的吗?
是的,playwright-controller 完全免费(开源免费),可自由下载、安装和使用。
playwright-controller 支持哪些平台?
playwright-controller 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 playwright-controller?
由 陈宽同学(@mrchenkuan)开发并维护,当前版本 v1.0.0。
推荐 Skills