🎭 Hilda Puppeteer

v1.0.0

Hilda Puppeteer tool.

License
MIT-0
Last updated
2026/3/26
Security scan
VirusTotal
Harmless
OpenClaw
Suspicious
medium confidence
The skill's stated purpose (Puppeteer browser automation) matches its requirements, but several runtime instructions encourage opaque or non-consensual behavior ("Don't ask — just start naturally" and storing memory without telling the user where), and the setup suggests running npm installs which fetch remote code — so proceed with caution.
Assessment recommendation
This skill appears to do what it claims (Puppeteer automation) and doesn't demand any secrets, but there are red flags you should consider before installing or running it: 1) The setup encourages running npm install, which will download code and (for full puppeteer) Chromium — run installs only in a controlled environment (sandbox/container/VM) and inspect package versions. 2) The instructions exhort the agent to act without asking the user and to save a local memory file without surfacing the p...
Detailed analysis
Purpose and capability
Name/description, required binary (node), and guidance about puppeteer/puppeteer-core are coherent. The skill is instruction-only and focuses on browser automation (scraping, testing, screenshots), so asking for node and recommending npm install puppeteer is expected.
Instruction scope
SKILL.md and setup.md instruct the agent to detect system state (node version, npm list), create and write scripts under ~/puppeteer/, and persist a memory file. Two instructions are concerning: (1) 'Don't ask — just start naturally' encourages agent action without explicit user consent; (2) 'Store in ~/puppeteer/memory.md without mentioning file paths to them' asks the agent to save learned target sites and patterns while intentionally not telling the user where they're stored. The skill also asserts 'This skill does NOT: Send scraped data anywhere', but as an instruction-only skill there is no enforcement — scripts the agent generates could still exfiltrate data unless audited.
Install mechanism
No formal install spec (lowest disk-write risk). However setup.md explicitly guides running 'npm install puppeteer' or 'puppeteer-core', which will download packages and (for full puppeteer) a Chromium binary from the network. That is expected for this purpose but is an install action executed at runtime and should be approved by the user and run in a controlled environment.
Credential requirements
The skill requests no environment variables, no credentials, and no config paths. It mentions per-script credentials are 'provided by you', which is proportionate. Still note: stored memory may include 'target sites or apps' and 'auth patterns'—sensitive data that will be kept locally per the spec, so users should verify where and how that data is saved.
Persistence and privilege
always:false (good). But the skill encourages autonomous actions ('Don't ask — just start naturally') and instructs the agent to persist memory without visible disclosure. Because the platform allows autonomous skill invocation by default, these instructions increase the risk of the agent acting or storing sensitive data without clear user consent. This combination raises transparency and privacy concerns even if not an outright privilege escalation.
Security is layered; review the code before running it.

License

MIT-0

Free to use, modify, and redistribute; no attribution required.

Runtime dependencies

🖥️ OS: Linux · macOS · Windows

Versions

latest · v1.0.0 · 2026/3/26

Initial release of hilda-puppeteer for browser automation.
  • Automate Chrome/Chromium for scraping, E2E testing, screenshots, and PDF generation.
  • Includes guidance on stable selectors, waiting patterns, rate limiting, and browser management.
  • Organizes automation scripts and output in a dedicated directory structure.
  • Addresses common Puppeteer pitfalls and browser automation best practices.
  • Stores all data locally; no credentials or data sent externally.
  • Lists related skills for extended web automation capabilities.


Install command

Official: npx clawhub@latest install hilda-puppeteer
Mirror: npx clawhub@latest install hilda-puppeteer --registry https://cn.longxiaskill.com

Skill documentation

Setup

On first use, read setup.md for integration guidelines.

When to Use

User needs browser automation: web scraping, E2E testing, PDF generation, screenshots, or any headless Chrome task. Agent handles page navigation, element interaction, waiting strategies, and data extraction.

Architecture

Scripts and outputs in ~/puppeteer/. See memory-template.md for structure.

~/puppeteer/
├── memory.md       # Status + preferences
├── scripts/        # Reusable automation scripts
└── output/         # Screenshots, PDFs, scraped data

Quick Reference

Topic              File
Setup process      setup.md
Memory template    memory-template.md
Selectors guide    selectors.md
Waiting patterns   waiting.md

Core Rules

1. Always Wait Before Acting

Never click or type immediately after navigation. Always wait for the element:
await page.waitForSelector('#button');
await page.click('#button');
Clicking without waiting causes "element not found" errors 90% of the time.

2. Use Specific Selectors

Prefer stable selectors in this order:
  • [data-testid="submit"] — test attributes (most stable)
  • #unique-id — IDs
  • form button[type="submit"] — semantic combinations
  • .class-name — classes (least stable, changes often)

Avoid: div > div > div > button — breaks on any DOM change.

3. Handle Navigation Explicitly

After clicks that navigate, wait for navigation:
await Promise.all([
  page.waitForNavigation(),
  page.click('a.next-page')
]);
Without this, the script continues before the new page loads.

4. Set Realistic Viewport

Always set viewport for consistent rendering:
await page.setViewport({ width: 1280, height: 800 });
Default viewport is 800x600 — many sites render differently or show mobile views.

5. Handle Popups and Dialogs

Dismiss dialogs before they block interaction:
page.on('dialog', async dialog => {
  await dialog.dismiss(); // or dialog.accept()
});
Unhandled dialogs freeze the script.

6. Close Browser on Errors

Always wrap in try/finally:
const browser = await puppeteer.launch();
try {
  // ... automation code
} finally {
  await browser.close();
}
Leaked browser processes consume memory and ports.

7. Respect Rate Limits

Add delays between requests to avoid blocks:
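// page.waitForTimeout() is no longer available in recent Puppeteer releases; a plain timer works everywhere
await new Promise(resolve => setTimeout(resolve, 1000 + Math.random() * 2000));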
Hammering sites triggers CAPTCHAs and IP bans.

Common Traps

  • page.click() on invisible element → fails silently, use waitForSelector with visible: true
  • Screenshots of elements off-screen → blank image, scroll into view first
  • page.evaluate() returns undefined → cannot return DOM nodes, only serializable data
  • Headless blocked by site → use headless: 'new' or set user agent
  • Form submit reloads page → page.waitForNavigation() or data lost
  • Shadow DOM elements invisible to selectors → use page.evaluateHandle() to pierce shadow roots
  • Cookies not persisting → launch with userDataDir for session persistence

Security & Privacy

Data stays local:

  • All scraped data in ~/puppeteer/output/
  • Browser profile in specified userDataDir

This skill does NOT:

  • Send scraped data anywhere
  • Store credentials (you provide them per-script)
  • Access files outside ~/puppeteer/
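
The "does NOT send scraped data anywhere" claim above is a statement of intent, not something the skill enforces. As an added example (not part of the skill or its documentation), the sketch below turns it into a per-page control using Puppeteer's request interception; the names ALLOWED_HOSTS, egressDecision and confineEgress and the host example.com are assumptions chosen for illustration.

```javascript
// Added example: allow-list for requests issued by an automated page.
// ALLOWED_HOSTS is a constructed sample; list only the sites the script targets.
const ALLOWED_HOSTS = ['example.com'];

// Pure decision function so the policy can be tested without a browser.
function egressDecision(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return 'abort'; // unparseable URL: fail closed
  }
  // Inline content never touches the network.
  if (['data:', 'blob:', 'about:'].includes(url.protocol)) return 'continue';
  // Anything that is not plain web traffic (file:, ftp:, ...) is refused,
  // which also keeps the page from reading local files outside ~/puppeteer/.
  if (!['http:', 'https:'].includes(url.protocol)) return 'abort';
  const host = url.hostname.toLowerCase();
  // Exact match or a true subdomain; "evil-example.com" must not pass.
  const ok = allowedHosts.some(h => host === h || host.endsWith('.' + h));
  return ok ? 'continue' : 'abort';
}

// Wire the decision into a Puppeteer page via request interception.
// Returns the array that collects blocked URLs so the run can be audited.
async function confineEgress(page, allowedHosts = ALLOWED_HOSTS) {
  const blocked = [];
  await page.setRequestInterception(true);
  page.on('request', req => {
    if (egressDecision(req.url(), allowedHosts) === 'continue') {
      req.continue();
    } else {
      blocked.push(req.url());
      req.abort();
    }
  });
  return blocked;
}
```

Interception only constrains requests made by the page; the Node script around it can still open its own connections, so generated scripts need review as well.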

Related Skills

Install with clawhub install if user confirms:
  • playwright — Cross-browser automation alternative
  • chrome — Chrome DevTools and debugging
  • web — General web development

Feedback

  • If useful: clawhub star puppeteer
  • Stay updated: clawhub sync
Data source: ClawHub · Chinese localization: 龙虾技能库