Browser Automation 浏览器自动化

浏览器自动化操作与网页交互技能。用于自动填写表单、抓取网页数据、执行网页测试、模拟用户操作、批量处理网页任务。支持Playwright、Selenium等主流自动化框架。当用户需要自动化浏览器操作、网页数据抓取、表单自动填写、网页测试时使用。

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 84 · 0 current installs · 0 all-time installs

by@shenmeng

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The files and documentation are consistent with a browser-automation tool (Playwright/Selenium scripts, scraping, form filling, anti-detection guidance). However the bundled billing integration is unexpected for a local automation skill: _meta.json claims required SKILLPAY env vars but SKILL.md and top-level metadata list no required env vars, and payment.py contains a hard-coded BILLING_API_KEY. Also SKILL.md references helper scripts (batch_processor.py, screenshot_tool.py) that are not present in the file manifest — a mismatch that reduces confidence in the packaging.

Instruction Scope

SKILL.md instructs users to run provided scripts and to ensure SkillPay balance; the runtime instructions themselves are limited to installing deps and running scripts (web_scraper.py, form_filler.py, page_monitor.py). The scripts legitimately read/write browser storage_state files (which contain cookies/session tokens) and save scraped data to disk — expected for this purpose but sensitive. SKILL.md does not explicitly instruct how or when payment.py is invoked, but payment.py is present and will call external billing endpoints; that external network access is not described in detail in SKILL.md and the invocation point is unclear. The anti-detection and captcha-removal guidance is aggressive (proxy rotation, fingerprint spoofing, captcha solving services) — coherent with scraping but raises ethical/legal questions depending on use.

ℹ

Install Mechanism

No install spec is provided (instruction-only), which lowers install-time risk. A requirements.txt and instructions to pip install/playwright install are included (normal for Python-based automation). Nothing in the install steps downloads arbitrary executables or uses non-standard URLs. Still, because code files exist and will be executed, the lack of an install-time audit step increases the need to review source files before running.

Credentials

Declared requirements are inconsistent: the top-level skill metadata block in _meta.json indicates the billing integration expects SKILLPAY_API_KEY and SKILLPAY_USER_ID and marks billing as required, but the skill package's declared 'Required env vars' list is empty and SKILL.md doesn't tell users to set SKILLPAY_API_KEY. Worse, payment.py contains a hard-coded BILLING_API_KEY (secret) and will call https://skillpay.me endpoints using that key and the SKILL_ID. Hard-coded secrets in shipped code are inappropriate and risky. The scripts also save browser storage_state files (cookies/auth tokens) locally — necessary for login automation but sensitive and worth noting.

✓

Persistence & Privilege

always:false and no OS restrictions. The skill does not request persistent presence or claim to modify other skills or system-wide settings. It writes browser storage_state and data files to working directories (expected for automation) but does not attempt to change agent configuration. Autonomous invocation is allowed by default (disable-model-invocation:false) — expected for skills — but combined with the payment/inconsistencies above this increases the need for caution.

Scan Findings in Context

[HARDCODED_API_KEY_IN_CODE] unexpected: payment.py contains a literal BILLING_API_KEY value. A billing integration might legitimately use an API key, but shipping a hard-coded private key in repository code is inappropriate and not proportional to a local browser-automation skill. This key will be used in requests to skillpay.me.

[BILLING_ENV_MISMATCH] unexpected: _meta.json declares SKILLPAY_API_KEY and SKILLPAY_USER_ID as required env vars (billing required), but the skill's declared 'Required env vars' list is empty and SKILL.md doesn't show how to set those env vars. This inconsistency can lead to unexpected network calls or fallback behavior (payment.py falls back to 'anonymous_user').

[ANTI_DETECTION_GUIDE_PRESENT] expected: The package includes extensive anti-detection and evasion techniques (fingerprint spoofing, proxy pools, captcha solving). Those are coherent with large-scale scraping or botting use-cases, but they raise ethical and legal questions. Presence of such content is expected for a scraping tool but increases potential misuse risk.

[DOCUMENTED_BUT_MISSING_FILES] unexpected: SKILL.md lists helper scripts like batch_processor.py and screenshot_tool.py which are not present in the file manifest. This mismatch indicates packaging or documentation problems and reduces trust in completeness of the bundle.

What to consider before installing

Before installing or running this skill: - Review and remove/rotate the hard-coded API key in payment.py. Do NOT trust or use secrets embedded in shipped code; ask the author for official billing docs or replace with your own billing configuration. - Confirm whether the skill actually requires SkillPay payments. _meta.json claims billing is required; if you don't want to pay via an external service (skillpay.me), do not run payment functions and audit the code path to ensure payment.py is not invoked automatically. - Audit network calls: payment.py makes POST/GET requests to an external billing endpoint. Ensure you understand what data (user_id, skill_id) is sent. If you need offline/local use, remove or stub billing calls. - Sensitive files: the scripts save browser storage_state (cookies/auth tokens) and scraped data to disk. Treat these files as sensitive (they can contain session tokens). Run in a sandbox or dedicated environment and ensure files are stored only where you control them. - Missing/mismatched files: SKILL.md references scripts not present. Test in a safe environment and validate that the scripts you need exist and behave as expected before giving the skill network or credential access. - Legal/ethical caution: the package includes anti-detection techniques and captcha-solving guidance that can be used to evade protections. Make sure your intended use is legal and compliant with target site terms of service. - If you lack the ability to audit code, do not run this skill with network connectivity or credentials (or run it in an isolated VM/container). Ask the publisher for source provenance (homepage, repo) and verification of the billing provider before proceeding.

Like a lobster shell, security has layers — review code before you run it.

Current versionv2026.4.1

Download zip

latestvk9743xwz6k6c4cd15d60j9je8x83y7d6

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Browser Automation 浏览器自动化

💰 本 Skill 已接入 SkillPay 付费系统

每次调用费用：0.01 USDT

支付方式：BNB Chain USDT

请先确保账户有足够余额

使用Playwright和Selenium进行浏览器自动化操作，支持网页数据抓取、表单填写、自动化测试等功能。

核心能力

网页数据抓取 - 自动提取网页内容、表格、图片
表单自动填写 - 自动输入、选择、提交表单
自动化测试 - 网页功能测试、回归测试
批量任务处理 - 批量操作多个网页
截图与PDF生成 - 网页截图、生成PDF报告

适用场景

场景	示例
数据采集	抓取商品价格、新闻内容、社交媒体数据
自动表单	自动填写调查问卷、注册表单、申请表格
网页测试	自动化功能测试、UI测试、性能测试
批量操作	批量下载文件、批量提交任务、批量查询
内容监控	监控网页变化、价格变动、内容更新

技术栈

主要工具

Playwright - 微软开源，现代浏览器自动化（推荐）
Selenium - 经典选择，社区支持广泛
BeautifulSoup - HTML解析，配合requests使用
Scrapy - 大规模数据抓取框架

浏览器支持

Chromium/Chrome
Firefox
WebKit (Safari)
Edge

工具清单

web_scraper.py - 网页数据抓取器
form_filler.py - 表单自动填写
batch_processor.py - 批量网页处理器
page_monitor.py - 网页内容监控
screenshot_tool.py - 网页截图工具

参考资料

Playwright指南：references/playwright-guide.md
反爬虫策略：references/anti-detection.md
最佳实践：references/best-practices.md
常见问题：references/troubleshooting.md

快速开始

1. 安装依赖

pip install -r requirements.txt

# 安装Playwright浏览器
playwright install

2. 抓取网页数据

python scripts/web_scraper.py --url https://example.com --selector ".product-title" --output data.json

3. 自动填写表单

python scripts/form_filler.py --url https://example.com/form --config form_config.json

4. 批量处理

python scripts/batch_processor.py --urls urls.txt --script custom_script.py

使用示例

示例1：抓取电商产品价格

用户："帮我抓取京东上iPhone的价格"

执行：

from playwright.sync_api import sync_playwright

with sync_playwright() as p:
    browser = p.chromium.launch()
    page = browser.new_page()
    page.goto("https://search.jd.com/Search?keyword=iPhone")
    
    # 等待页面加载
    page.wait_for_selector(".gl-item")
    
    # 提取数据
    products = page.query_selector_all(".gl-item")
    data = []
    for product in products[:10]:
        title = product.query_selector(".p-name a").inner_text()
        price = product.query_selector(".p-price strong").inner_text()
        data.append({"title": title, "price": price})
    
    browser.close()

示例2：自动填写表单

用户："帮我自动填写这个注册表单"

配置 (form_config.json):

{
  "url": "https://example.com/register",
  "fields": [
    {"selector": "#username", "value": "myusername"},
    {"selector": "#email", "value": "myemail@example.com"},
    {"selector": "#password", "value": "mypassword123"},
    {"selector": "#confirm", "value": "mypassword123"},
    {"selector": "#agree", "action": "check"}
  ],
  "submit": "#submit-btn"
}

示例3：监控网页变化

用户："监控这个商品页面，价格低于1000时通知我"

python scripts/page_monitor.py --url https://example.com/product --selector ".price" --condition "<1000" --interval 3600

安全与合规

⚠️ 重要提醒

遵守Robots协议
- 检查网站的robots.txt
- 遵守爬取频率限制
- 尊重网站的反爬虫规则
法律合规
- 不要抓取个人隐私数据
- 不要破解付费内容
- 遵守当地数据保护法律
道德准则
- 不要对目标网站造成过大负载
- 设置合理的请求间隔
- 不要用于恶意竞争

反检测策略

使用随机User-Agent
模拟真实鼠标移动
添加随机延迟
使用代理IP轮换
处理验证码（必要时人工介入）

常见问题

Q: 被网站封IP怎么办？ A: 使用代理池，降低请求频率，模拟更真实的行为

Q: 遇到验证码怎么办？ A: 使用验证码识别服务，或降低频率避免触发

Q: 动态加载的内容抓不到？ A: 使用Playwright等待元素加载，或使用API接口

Q: 需要登录的页面怎么抓？ A: 先模拟登录保存cookie，或使用已登录的session

自动化工具应当用于提高效率，而非违反规则。请合法合规使用。

Files

14 total

Select a file

Select a file to preview.

Comments

Loading comments…