Web + Desktop Automation
v1.0.0Use when the user wants browser automation, web scraping, form filling, clicking, or desktop GUI automation, including mixed workflows that move between web...
⭐ 0· 185·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, included Python scripts, and requirements.txt consistently implement Playwright-based browser automation and PyAutoGUI desktop automation. Required artifacts (browser_runner, desktop_runner, orchestrator, dependency notes) are appropriate for the stated functionality.
Instruction Scope
Instructions are scoped to browser navigation, form filling, file download/upload, and desktop GUI actions. This is consistent with the purpose, but the skill explicitly describes reading download folders, opening local apps, editing files, and uploading results — i.e., it can access local files, simulate keyboard/mouse, and capture screenshots. Those are expected for this use case but represent powerful capabilities that could expose sensitive local data if misused.
Install Mechanism
No install spec in the registry; the repo is instruction+code only. Dependencies are standard Python packages (playwright, pyautogui, opencv-python, pillow) referenced in requirements.txt and references/dependencies.md. No downloads from untrusted URLs or embedded/extracted archives were found.
Credentials
The skill declares no required environment variables or credentials and the code does not read env vars. The skill may require user credentials at runtime for web logins (as any automation would), but it does not request unrelated secrets or broad cloud credentials.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills. It can be invoked autonomously (default behavior), which is normal; because the skill can control the desktop and access local files, allowlisting autonomous invocation should be considered carefully before enabling it broadly.
Assessment
This skill appears to do exactly what it claims: automate browsers and desktop GUIs. However, it is capable of controlling your mouse/keyboard, opening local files, and uploading downloaded artifacts — operations that can expose sensitive data or perform unwanted actions if misused. Before installing or running it: 1) Review the three scripts yourself (browser_runner.py, desktop_runner.py, mixed_orchestrator.py) to ensure they only perform the steps you expect. 2) Install and run dependencies in an isolated environment (virtualenv, container, or VM). 3) Do not supply real credentials or sensitive files for initial testing; use dummy accounts/data. 4) Avoid granting broad autonomous execution rights unless you trust the skill and have monitoring in place. 5) If you will run mixed flows that upload or submit files, confirm the destination endpoints are trustworthy. These precautions reduce risk but do not eliminate it.Like a lobster shell, security has layers — review code before you run it.
latestvk970m2gmw6kj28w6vyfe9rc5gh83ed4e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.