← Back to Skills Marketplace
82
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install patchright-skill
Description
Patchright-based browser automation with bot detection bypass. Use when Claude needs to interact with local web applications, test localhost/dev servers, tak...
Usage Guidance
This skill does what it says (local browser automation) but includes powerful features that can access internal sites and run arbitrary JavaScript in page contexts. Before installing: 1) Review and trust the 'patchright' package source (pip index / upstream project). 2) Audit the scripts (especially server.py and any use of evaluate) — if you don't need arbitrary JS execution, remove or restrict the 'evaluate' tool. 3) Run the skill in an isolated environment (VM/container) if you'll use it against sensitive hosts. 4) Never use it with real/production credentials or pages with sensitive data unless you understand and accept the risk. 5) If you plan to hand control to an autonomous agent, explicitly limit which hosts/origins the agent may visit and consider disabling persistent server mode unless strictly necessary.
Capability Analysis
Type: OpenClaw Skill
Name: patchright-skill
Version: 1.0.0
The skill provides browser automation with bot-detection bypass using the 'patchright' library and implements a background server (scripts/server.py) on port 9222 to maintain persistent sessions. It includes a high-risk 'evaluate' tool that allows the execution of arbitrary JavaScript within the browser, which is notably omitted from the primary tool reference in SKILL.md but documented in reference.md and used in several Google scraping scripts (scripts/google_search.py). While the stated intent is for QA and local development testing, the combination of a persistent background process, arbitrary JS execution, and bot-bypass capabilities creates a significant attack surface for data extraction or unauthorized interaction with local network services.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the code: scripts launch a Chromium browser (via 'patchright'), navigate to URLs, click, type, take screenshots, and include Google-search utilities. Requiring no environment variables or external binaries is consistent for a purely local automation skill. However, the advertised 'bot detection bypass' (undetected Playwright fork) materially broadens the skill's capability beyond ordinary QA tooling and increases abuse potential.
Instruction Scope
SKILL.md instructs users to run a background server and then drive it with JSON 'call' commands. The server exposes an 'evaluate' tool that executes arbitrary JavaScript in the page context and returns results — this lets the agent read any DOM content on pages it can reach (including internal/private sites) and return it to the caller. The docs also explicitly encourage navigating to private IP ranges/localhost and typing credentials in tests. Those instructions are functionally correct for automation, but they give the agent broad discretion to collect sensitive data from internal services.
Install Mechanism
There is no automated remote install step in the registry entry; the package is instruction-only and ships local Python scripts. A requirements.txt lists 'patchright>=0.0.1' which is a pip dependency — no arbitrary URL downloads, installers, or archive extraction are present in the provided files. This lowers supply-chain concerns but you must still trust the 'patchright' package source before installing it.
Credentials
The skill requires no declared environment variables or external credentials, which aligns with its stated local automation purpose. However, the skill's workflows (filling forms, typing passwords, and evaluating page JS) can be used to capture user-entered secrets or internal tokens if misused. The skill does not itself request credentials, but it provides mechanisms to collect them from pages.
Persistence & Privilege
The skill instructs users to run scripts/server.py as a background server that keeps a persistent browser session (PID file, listening on 127.0.0.1:9222). While not 'always:true', this persistent local service gives an installed skill long-lived access to the host's network via the browser context. Combined with the 'evaluate' capability and support for private IP ranges, this persistence increases the blast radius if the agent or skill is misused.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install patchright-skill - After installation, invoke the skill by name or use
/patchright-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Patchright-skill 1.0.0 – initial release
- Enables Patchright-based browser automation focused on localhost, dev servers, and private networks.
- Supports session-persistent automation via a background server (scripts/server.py).
- Provides tools for navigation, screenshots, clicking, typing, waiting for elements, retrieving page info, and more.
- Ideal for QA, E2E testing, frontend/debug verification, and UI automation on development/local environments.
- Includes detailed usage instructions, trigger examples, and troubleshooting guidance.
Metadata
Frequently Asked Questions
What is Patchright Skill?
Patchright-based browser automation with bot detection bypass. Use when Claude needs to interact with local web applications, test localhost/dev servers, tak... It is an AI Agent Skill for Claude Code / OpenClaw, with 82 downloads so far.
How do I install Patchright Skill?
Run "/install patchright-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Patchright Skill free?
Yes, Patchright Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Patchright Skill support?
Patchright Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Patchright Skill?
It is built and maintained by smallnest (@smallnest); the current version is v1.0.0.
More Skills