Qwen Web Agent

Review

Audited by ClawScan on May 10, 2026.

Overview

This skill does automate Qwen as advertised, but it also automatically deletes Qwen conversations and saves prompts/responses to a hard-coded local path.

Review and edit the scripts before use. In particular, change the hard-coded OUTPUT_FILE paths, protect or remove ~/.qwen_session/ when done, and disable the automatic conversation-deletion cleanup unless you explicitly want Qwen chat history removed. Install Playwright/Chromium only from trusted sources and avoid sending sensitive prompts to Qwen.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may remove Qwen chat history from the user's account without a separate confirmation, and brittle UI selectors could delete the wrong conversation.

Why it was flagged

After collecting a response, the script clicks Qwen's delete-conversation menu item and confirms it automatically through the logged-in browser session.

Skill content

print("[*] Cleaning up: deleting current conversation...") ... loc = page.locator('[role="menuitem"]').filter(has_text="删除此对话") ... await confirm_btn.first.click()

Recommendation

Make deletion opt-in, ask for explicit user approval before confirming, and verify the exact conversation being deleted.

What this means

Private prompts and Qwen responses may be saved somewhere the user did not expect, or the script may fail or write outside the current project on other systems.

Why it was flagged

The main documentation describes writing to last_output.md, but the code writes prompts and answers to a hard-coded developer-specific absolute path and creates the directory if possible.

Skill content

OUTPUT_FILE = "/home/derek/文档/Derek_Obsidian_DB/AI应用对接/Qwen模块/last_output.md"

Recommendation

Use a configurable or relative output path by default, disclose it prominently, and avoid creating user-specific absolute directories.

What this means

Anyone or anything with access to that local session directory may be able to reuse the Qwen login context.

Why it was flagged

The skill stores and reuses a persistent browser profile for a logged-in Qwen account.

Skill content

Login session persists at `~/.qwen_session/`.

Recommendation

Protect the session directory, delete it when no longer needed, and avoid using this skill on shared or untrusted machines.

What this means

Sensitive information included in prompts will be sent to qianwen.com under the logged-in account.

Why it was flagged

The skill's intended workflow sends user-provided questions or agent-provided content to the external Qwen web service.

Skill content

Use when the agent needs to ask questions to Qwen AI and get back responses via browser automation.

Recommendation

Do not send secrets, private documents, or regulated data unless the user is comfortable sharing them with Qwen.

What this means

Users may not realize extra packages and a browser binary are needed, and versions are not pinned in the artifacts.

Why it was flagged

The documentation requires installing Python packages and a browser runtime, but the registry metadata has no install spec or required binaries.

Skill content

`pip install playwright python-dotenv` ... `playwright install chromium`

Recommendation

Declare dependencies in metadata or an install spec, pin versions where practical, and remove or explain unused dependencies such as python-dotenv.

What this means

If the browser loads malicious web content, the disabled sandbox may increase local exposure compared with a default Chromium launch.

Why it was flagged

Chromium is launched with its sandbox disabled, which can reduce browser isolation.

Skill content

args=["--no-sandbox"]

Recommendation

Remove --no-sandbox unless it is required for the target environment, and document why it is needed if retained.