podman-browser

Run a headless Chromium browser via Podman to fetch text or HTML from JavaScript-rendered web pages using Playwright in a container.

This skill appears to do what it says: run Playwright in a Podman container to fetch rendered HTML/text. Before installing, consider the following: (1) ensure Podman 5.x+ and Node.js 18+ are installed locally — the package metadata did not declare these required binaries but the script needs them; (2) the first run pulls ~1.5GB from mcr.microsoft.com and each run executes 'npm install' inside the container unless the image already includes Playwright — expect network activity and slower startup; (3) the container is launched with --ipc=host and the script notes sandboxing may be disabled when run as root — avoid running this as root and avoid pointing it at highly sensitive or untrusted URLs unless you accept that risk; (4) if you want stricter isolation, run Podman with additional network or seccomp restrictions or pre-build an image with Playwright to avoid per-run npm installs; (5) consider requesting the publisher update the registry metadata to list required binaries (podman, node) so platform checks can be clearer. Overall the skill is internally coherent, but exercise operational caution when running containers that render arbitrary web pages.

Type: OpenClaw Skill Name: podman-browser Version: 1.2.1 The skill is classified as suspicious due to the use of `--ipc=host` and `--no-sandbox` flags when launching Chromium within the Podman container, as seen in `browse.js` and documented in `SKILL.md`. While these configurations might be used for browser stability, they significantly increase the attack surface by allowing container processes to access host IPC resources and reducing browser isolation. Additionally, the `browse.js` script performs `npm install playwright` inside the container on every execution, introducing a dynamic dependency resolution step which carries a minor supply chain risk, even for a legitimate package.