ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill

v0.1.0

从零构建的轻量级无头浏览器,专为 AI 智能体和自动化设计,比 Headless Chrome 快 9 倍、内存占用低 16 倍,兼容 CDP 和 Playwright/Puppeteer,内置 MCP 服务器

0· 68·0 current·0 all-time
by@cn-big-cabbage

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cn-big-cabbage/cn-lightpanda.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skill" (cn-big-cabbage/cn-lightpanda) from ClawHub.
Skill page: https://clawhub.ai/cn-big-cabbage/cn-lightpanda
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cn-lightpanda

ClawHub CLI

Package manager switcher

npx clawhub@latest install cn-lightpanda
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description and runtime instructions all describe a headless browser (CDP/MCP/Puppeteer/Playwright) and the required actions (download binary, run serve, connect via WS) match that purpose.
!
Instruction Scope
The SKILL.md explicitly instructs the agent to download and execute precompiled binaries from external URLs and to modify user shell config (~/.bashrc) to persist telemetry settings. Those actions go beyond in-process guidance and grant the skill the ability to place and run code on the host — acceptable for a tool installer but higher-risk and should be constrained (sandboxing, verification).
Install Mechanism
There is no formal install spec in the registry package; the instructions tell the agent to curl binaries from GitHub Releases and to pull a Docker image from Docker Hub. Using GitHub/Docker Hub is standard, but the skill provides no checksums, signatures, or alternate trusted release URLs — downloading and executing binaries from the network is inherently risky without provenance verification.
!
Credentials
The skill requests no declared credentials, which is proportionate. However it documents that telemetry is enabled by default (and provides LIGHTPANDA_DISABLE_TELEMETRY to disable it) and shows examples using proxy auth or Authorization headers. Default telemetry collection without clear privacy details and the skill writing to ~/.bashrc to persist settings are privacy/credential risks. The SKILL.md references environment effects that are not declared in the skill manifest.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It does instruct persistent changes (moving binary to /usr/local/bin, echoing env exports to ~/.bashrc) which create lasting system state; these are typical for an installer but are notable persistence actions the user should review.
What to consider before installing
This skill appears to be what it claims (a headless browser) but carries typical installer risks: it tells the agent to download and run prebuilt binaries and to modify shell config to persist telemetry settings. Before installing, verify the upstream project (GitHub repo, releases and release checksums/signatures), prefer running the binary inside a container or isolated VM, do not run as root, set LIGHTPANDA_DISABLE_TELEMETRY=true if you want to avoid default data collection, avoid exposing the MCP/CDP ports to untrusted networks, and inspect the Docker image source. If you need stronger assurance, request the upstream project's release checksums or build from source in an isolated environment and confirm maintainer identities. If you can, run initial tests inside Docker or a disposable VM rather than on a production host.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ay5neytwcg2e1j9317702cd85ab5q
68downloads
0stars
1versions
Updated 6d ago
v0.1.0
MIT-0
@cn-big-cabbage
latest
Download

Lightpanda — 为 AI 智能体设计的极速无头浏览器

Lightpanda 是用 Zig 从零构建的新一代无头浏览器,不基于 Chromium 或 WebKit,专为 AI 智能体和大规模自动化设计。在处理 100 个真实网页时,执行时间仅需 5 秒(vs 46 秒),峰值内存仅 123MB(vs 2GB)。完整支持 Chrome DevTools Protocol(CDP),现有 Puppeteer/Playwright 脚本无需改动即可切换使用,同时内置 MCP 服务器让 AI 助手直接控制浏览器。

核心使用场景

  • 大规模网页爬取:替换 Headless Chrome 降低云端成本,处理更多并发请求
  • AI 智能体浏览:通过 MCP 服务器让 Claude/Cursor 等 AI 直接控制浏览器访问网页
  • Puppeteer/Playwright 加速:无需修改代码,将 browserWSEndpoint 指向 Lightpanda
  • HTML/Markdown 转储:快速将网页内容转为 Markdown 供 AI 分析
  • 服务器端自动化:内存极低,适合在资源受限的容器或 VPS 中运行

AI 辅助使用流程

  1. 安装二进制 — AI 下载对应平台的预编译二进制(Linux/macOS/Docker)
  2. 启动 CDP 服务器 — AI 执行 ./lightpanda serve 在 9222 端口启动 CDP 服务器
  3. 连接 Puppeteer/Playwright — AI 将现有脚本的 browserWSEndpoint 指向 Lightpanda
  4. 或配置 MCP 服务器 — AI 将 Lightpanda 配置为 Claude Code 的 MCP 工具
  5. 执行自动化操作 — AI 通过 CDP 或 MCP 控制浏览器,导航、提取、交互
  6. 转储页面内容 — AI 用 lightpanda fetch --dump markdown 将页面转为 AI 可读格式

关键章节导航

  • 安装指南 — 二进制下载、Docker 安装、从源码构建
  • 快速开始 — CDP 服务器、Puppeteer 集成、MCP 配置、CLI 转储
  • 高级用法 — Playwright 集成、代理、遥测配置、AI 场景
  • 故障排查 — 兼容性、Beta 限制、网络问题

AI 助手能力

使用本技能时,AI 可以:

  • ✅ 下载并安装 Lightpanda 二进制(Linux/macOS)
  • ✅ 启动 CDP 服务器(./lightpanda serve --host 127.0.0.1 --port 9222
  • ✅ 将 Puppeteer 脚本连接到 Lightpanda(修改 browserWSEndpoint
  • ✅ 配置 Lightpanda 作为 Claude Code 的 MCP 工具
  • ✅ 使用 lightpanda fetch --dump markdown 将网页转为 Markdown
  • ✅ 使用 Docker 镜像快速部署(docker run lightpanda/browser:nightly
  • ✅ 配置代理和遥测选项

核心功能

  • 极速渲染 — 比 Headless Chrome 快 9 倍,100 页仅需 5 秒
  • 极低内存 — 峰值 123MB(vs Chrome 2GB),降低 16 倍
  • CDP 兼容 — 完整支持 Chrome DevTools Protocol,现有脚本无需改动
  • Puppeteer/Playwright 集成 — 通过 browserWSEndpoint 零成本迁移
  • MCP 服务器 — 让 AI 工具直接控制浏览器,支持 MCP JSON-RPC 2.0
  • HTML/Markdown 转储 — 直接将网页内容转为 Markdown(AI 友好格式)
  • robots.txt 遵守--obey-robots 选项,合规爬取
  • 代理支持 — 内置代理配置
  • 网络拦截 — 可拦截和过滤网络请求
  • Docker 镜像 — 官方多架构镜像(amd64/arm64)
  • Cookie 管理 — 完整 Cookie 支持
  • JavaScript 执行 — v8 引擎,支持 Ajax/XHR/Fetch API

快速示例

# 下载安装(macOS)
curl -L -o lightpanda https://github.com/lightpanda-io/browser/releases/download/nightly/lightpanda-aarch64-macos
chmod a+x ./lightpanda

# 转储网页为 Markdown
./lightpanda fetch --dump markdown https://example.com

# 启动 CDP 服务器
./lightpanda serve --host 127.0.0.1 --port 9222

# Docker 运行
docker run -d --name lightpanda -p 127.0.0.1:9222:9222 lightpanda/browser:nightly

// MCP 配置(添加到 AI 工具 MCP 配置文件)
{
  "mcpServers": {
    "lightpanda": {
      "command": "/path/to/lightpanda",
      "args": ["mcp"]
    }
  }
}

安装要求

依赖版本
Linuxx86_64 或 aarch64(glibc 发行版)
macOSaarch64 或 x86_64
Windows通过 WSL2 使用 Linux 二进制
Docker任意版本(推荐生产使用)

注意: Lightpanda 当前为 Beta 阶段,部分 Web API 尚未完全实现。不适用于依赖 WebGL/WebRTC 等高级特性的场景。

项目链接

Comments

Loading comments...