Security Scan
OpenClaw
Security
Medium confidence: The skill implements what it claims (a Podman-run Playwright scraper) and the code matches the documentation, but there are a few operational and metadata issues you should be aware of before installing.
Assessment and recommendations
This skill appears to do what it says: run Playwright in a Podman container to fetch rendered HTML/text. Before installing, consider the following: (1) ensure Podman 5.x+ and Node.js 18+ are installed locally — the package metadata did not declare these required binaries but the script needs them; (2) the first run pulls ~1.5GB from mcr.microsoft.com and each run executes 'npm install' inside the container unless the image already includes Playwright — expect network activity and slower startup;...
ℹ Purpose and capability
The code and SKILL.md implement a Podman-based Playwright scraper, which matches the name. However, the registry metadata declares no required binaries while the implementation obviously requires the 'podman' binary (and Node.js to run the CLI). The mismatch is a metadata/packaging omission rather than functional misalignment.
ℹ Instruction scope
The runtime instructions stay within the stated purpose (spawning a Playwright Chromium instance to capture rendered HTML/text). Notable operational choices: each run builds (npm install) inside the container (network activity, slower runs), the container is started with --ipc=host (documented for Chromium stability) and no explicit network isolation is applied. The SKILL.md also notes sandbox is disabled when run as root. These are documented but increase the attack surface when browsing untrusted sites or running as root.
✓ Install mechanism
This is an instruction-only skill with a small CLI script; there is no remote install step in the skill package. The container image used is an official Microsoft Playwright image on mcr.microsoft.com (a known registry). The script runs 'npm install playwright@1.50.0' inside that container at runtime — that pulls from the public npm registry each run unless the image already contains the package. No obscure or shortened URLs or external arbitrary downloads are used by the skill itself.
✓ Credential requirements
The skill does not request secrets, config paths, or environment variables from the platform. It sets container environment variables for the target URL and options, but does not attempt to read platform credentials. The absence of declared required binaries is the only proportionality issue (podman/node should be declared).
✓ Persistence and privileges
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It runs on-demand and creates ephemeral containers per invocation, so persistence and privilege requests are minimal.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.2.1 2026/2/4
- No code or documentation changes in this release.
- Version bumped to 1.2.1 with no modifications detected.
● Suspicious
Install command
Official: npx clawhub@latest install podman-browser
Mirror: npx clawhub@latest install podman-browser --registry https://cn.clawhub-mirror.com
Data source: ClawHub · Chinese localization: 龙虾技能库