Browser Agent
v1.0.0Browser automation with Playwright for opening pages, taking screenshots, finding or clicking DOM elements, filling forms, extracting text, and managing cook...
⭐ 0· 137·0 current·0 all-time
by@neo1307
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name, description, SKILL.md, and index.js are consistent: the script launches Playwright Chromium, navigates to a URL, takes screenshots, extracts text, clicks/fills selectors, and saves/loads storage state as described. No unrelated capabilities or unexpected credentials are requested.
Instruction Scope
SKILL.md instructs executing index.js with a target URL and flags; index.js performs only the described browser actions and writes outputs to disk. It will navigate to arbitrary remote pages provided by the caller and execute page JavaScript (expected for a browser automation tool) — this means the skill will fetch third-party content and run any scripts those pages serve.
Install Mechanism
No install spec is provided (instruction-only), but the code requires Playwright and Node to be present. Installing Playwright typically downloads browser binaries; the skill does not document this or pin trusted sources. This is an operational omission rather than malicious behavior.
Credentials
The skill requests no environment variables, which matches its purpose. However, it accepts sensitive input via CLI --fill arguments (values appear in process arguments) and saves storageState and screenshots to disk; session files can contain cookies/auth tokens. The SKILL.md does not warn about these confidentiality risks.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide agent settings. It writes outputs and session files only to paths supplied by the caller (normal for this utility).
Assessment
This skill appears to do what it says: automate a browser using Playwright. Before installing/using it: (1) ensure your runtime has Node and Playwright installed from a trusted source (Playwright installation will usually download browser binaries); (2) avoid passing secrets on the command line (values passed with --fill are visible in process lists and logs); use ephemeral/test credentials instead; (3) be cautious when loading or saving session files (they can contain cookies or tokens)—store them securely and avoid exposing paths publicly; (4) only navigate to trusted URLs because the skill executes page JavaScript; (5) consider running the tool in a sandboxed environment if you will visit untrusted sites. If you want stronger guarantees, request an install spec that pins Playwright and documents browser binary sources and a warning in SKILL.md about secret handling.Like a lobster shell, security has layers — review code before you run it.
latestvk973eg4cbspfysftpj8vkz6wbh839jcj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.