Chrome Control Proxy
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill is a clear browser-automation guide, but it gives an agent broad control over your Chrome session through a local HTTP proxy and arbitrary Playwright scripts.
Install only if you intentionally want OpenClaw to control a Chrome instance. Use a separate Chrome profile or test account, keep the proxy bound to localhost, do not expose port 3333 to other machines or untrusted containers, and confirm any action that could log in, submit forms, change data, or affect real accounts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked too broadly, the agent could click buttons, submit forms, navigate sites, or change logged-in accounts in the user's browser.
The skill documents an HTTP endpoint that accepts arbitrary script text and provides direct Playwright access to the browser, context, and page.
POST /playwright/run ... in the body, `script` is a string ... injected variables: `page`, `context`, `browser`
Use only with explicit user approval for each site/action, restrict allowed domains and operations, and prefer narrower wrappers over raw script execution.
The agent may operate with the user's existing browser login state, cookies, and sessions, which can affect real accounts.
The automation runs against the current Chrome/CDP browser context and explicitly discusses OAuth sessions and clearing cookies/storage.
Injected variables: `page`, `context`, `browser` (the same as the current CDP browser) ... multi-step OAuth ... `clearCookies()`, `localStorage.clear()`, `sessionStorage.clear()`
Run it only in a dedicated browser profile with test accounts or clearly scoped sessions, and require confirmation before any account-changing action.
Users must trust an external package with powerful access to their browser; the scanned artifact itself does not show what that package does internally.
The actual browser-control service is installed from an external global npm package, while the submitted skill contains no reviewed implementation code or install spec.
npm install -g chrome-control-proxy
Review and pin the npm package version/source before installing, and avoid running it in sensitive browser profiles.
Any process or container that can reach the service may be able to inspect or control the host browser if network isolation is weak.
The proxy is reachable over local/container networking and the artifact warns that exposing /playwright/run to untrusted parties is unsafe, but it does not describe an authentication boundary.
Inside a container, replace the host with `host.docker.internal:3333` ... do not expose this service to the public internet; do not open `/playwright/run` to untrusted parties
Bind the service only to localhost, firewall it from other containers or networks, and add authentication or an allowlist if possible.
