Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
podman-browser
v1.2.1Run a headless Chromium browser via Podman to fetch text or HTML from JavaScript-rendered web pages using Playwright in a container.
⭐ 2· 1.9k·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The code and SKILL.md implement a Podman-based Playwright scraper, which matches the name. However the registry metadata declares no required binaries while the implementation obviously requires the 'podman' binary (and Node.js to run the CLI). The mismatch is a metadata/packaging omission rather than functional misalignment.
Instruction Scope
The runtime instructions stay within the stated purpose (spawning a Playwright Chromium instance to capture rendered HTML/text). Notable operational choices: each run builds (npm install) inside the container (network activity, slower runs), the container is started with --ipc=host (documented for Chromium stability) and no explicit network isolation is applied. The SKILL.md also notes sandbox is disabled when run as root. These are documented but increase the attack surface when browsing untrusted sites or running as root.
Install Mechanism
This is an instruction-only skill with a small CLI script; there is no remote install step in the skill package. The container image used is an official Microsoft Playwright image on mcr.microsoft.com (a known registry). The script runs 'npm install playwright@1.50.0' inside that container at runtime — that pulls from the public npm registry each run unless the image already contains the package. No obscure or shortened URLs or external arbitrary downloads are used by the skill itself.
Credentials
The skill does not request secrets, config paths, or environment variables from the platform. It sets container environment variables for the target URL and options, but does not attempt to read platform credentials. The absence of declared required binaries is the only proportionality issue (podman/node should be declared).
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It runs on-demand and creates ephemeral containers per invocation, so persistence and privilege requests are minimal.
Assessment
This skill appears to do what it says: run Playwright in a Podman container to fetch rendered HTML/text. Before installing, consider the following: (1) ensure Podman 5.x+ and Node.js 18+ are installed locally — the package metadata did not declare these required binaries but the script needs them; (2) the first run pulls ~1.5GB from mcr.microsoft.com and each run executes 'npm install' inside the container unless the image already includes Playwright — expect network activity and slower startup; (3) the container is launched with --ipc=host and the script notes sandboxing may be disabled when run as root — avoid running this as root and avoid pointing it at highly sensitive or untrusted URLs unless you accept that risk; (4) if you want stricter isolation, run Podman with additional network or seccomp restrictions or pre-build an image with Playwright to avoid per-run npm installs; (5) consider requesting the publisher update the registry metadata to list required binaries (podman, node) so platform checks can be clearer. Overall the skill is internally coherent, but exercise operational caution when running containers that render arbitrary web pages.Like a lobster shell, security has layers — review code before you run it.
latestvk978t69q8gz6pve4vcdtrveped80f4kw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.