Browser Automation Agent
v1.0.0浏览器自动化Agent。使用Playwright/Puppeteer进行网页自动化、数据采集、表单填写。触发词:browser、浏览器自动化、爬虫、playwright、puppeteer、网页抓取。
⭐ 0· 0·0 current·0 all-time
by@sky-lv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md examples, and skill.json all describe a browser automation/scraping agent using Playwright/Puppeteer. The required resources requested are minimal (no env vars, no install spec) and are proportionate to that purpose.
Instruction Scope
SKILL.md contains concrete code for visiting arbitrary URLs, clicking, filling forms, taking screenshots, and extracting page text — exactly what a browser automation skill must do. However, those same capabilities make it possible to access internal sites, submit credentials, or exfiltrate scraped data; the instructions do not include explicit safeguards or restrictions about targeting internal hosts or handling sensitive inputs.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute. That lowers installer risk. Note: actual runtime will require Playwright/Puppeteer and appropriate browsers in the environment, but they are not installed by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is proportionate. But because it automates browsers, it can be used with external credentials provided at runtime (e.g., user-supplied logins). Treat any provided secrets carefully; the SKILL.md does not justify or require any unrelated credentials.
Persistence & Privilege
always is false and the skill is user-invocable only. It does not request permanent agent-wide privileges or attempt to modify other skills or system configuration in the provided files.
Assessment
This skill appears to do what it says: automate browsers and scrape or fill forms. Before installing/use: (1) verify the upstream repository and author (skill.json points to a GitHub repo—confirm it exists and review its code), (2) run the skill in an isolated environment (container/VM) with restricted network access if you worry about internal site access, (3) never supply real credentials or secrets to the skill unless you trust and have audited its implementation, and (4) consider adding safeguards (target allowlist, rate limits, and data-handling rules) because the instructions allow visiting arbitrary URLs and extracting data. If you need stronger assurance, ask the publisher for the full implementation and any network/data handling policies.Like a lobster shell, security has layers — review code before you run it.
latestvk97824kdsznm122agnej3hcnhh84jdkt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.