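📦 Chrome Control Proxy — Browser Automation
v1.0.2
Controls the Chrome lifecycle with a single call over an HTTP interface, supports Playwright scripts and DOM snapshots, and is reachable from both inside and outside containers at host.docker.internal:3333 or 127.0.0.1:3333.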
Last updated: 2026/4/4
Security scan
OpenClaw: Safe (high confidence)
Assessment and recommendations
This skill is an instruction-only guide for calling a host-local HTTP service that controls Chrome/Playwright. It is internally consistent, but before installing or using it consider: (1) The proxy can execute arbitrary Playwright scripts you send to /playwright/run — treat it like a remote code execution endpoint for browser actions. Only allow trusted agents or add authentication/firewalling to the service and avoid exposing it to the public Internet. (2) The SKILL.md asks the host operator to...
ℹ Purpose and capability
The skill's name/description, SKILL.md, and declared requirement of the 'node' binary are consistent: the documentation tells a human to install the npm package (chrome-control-proxy) on the host (which requires Node). However, the skill itself is instruction-only (no code) and does not need Node to merely call the HTTP endpoints; the declared 'node' requirement is targeted at the host-side setup rather than the agent runtime. This is plausible but worth noting so users understand why 'node' appears in requirements.
ℹ Instruction scope
The SKILL.md stays on-scope: it documents only HTTP endpoints (health, browser start/stop, Playwright page-dom/pipeline/run) and gives caller-side sequencing caveats. It does not instruct reading unrelated files or environment variables. Important caveat: /playwright/run accepts arbitrary async script bodies (with injected page/context/browser), so clients can cause the controlled browser to navigate, access network endpoints, or interact with local resources — this is an intended capability of the proxy but is a sensitive power and the docs rightly warn not to expose the service to untrusted callers.
✓ Install mechanism
There is no install spec in the skill bundle (instruction-only), which is the lowest install risk. The SKILL.md recommends a global npm install on the host (npm install -g chrome-control-proxy); that is an instruction for the host operator, not an automatic install performed by the skill. No downloads or archive extracts are performed by the skill itself.
✓ Credential requirements
The skill declares no environment variables or credentials and the runtime instructions do not request secrets. This is proportionate to a local HTTP control proxy. There are no unexplained credential requests.
✓ Persistence and privileges
The skill is not flagged 'always:true' and uses the platform default (agent-invocable/autonomous invocation allowed). It does not request persistent system-level configuration or access to other skills' credentials. Autonomous invocation is standard for skills; combine with the previous note about script execution when deciding trust level.
Security is layered; review the code before running it.
Runtime dependencies
🖥️ OS: macOS · Linux · Windows
Versions
latest: v1.0.2 (2026/4/3)
● Suspicious
Install command
Official: npx clawhub@latest install chrome-control-proxy
Mirror: npx clawhub@latest install chrome-control-proxy --registry https://cn.longxiaskill.com