Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Ask an Expert - Playwriter Mode
v1.0.0 Uses Playwriter to control an already logged-in Chrome browser and obtain professional advice through an AI assistant; suited to AI websites that require a logged-in account.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (use Playwriter to control a logged-in Chrome to get AI advice) align with the instructions: opening Chrome, clicking an extension, creating a Playwriter session, navigating pages, typing questions, and reading responses. Minor oddity: the doc refers to 'Playwriter' (not Playwright) and includes an explicit Chrome extension ID; otherwise required actions are coherent with the stated purpose.
Instruction Scope
The SKILL.md instructs running shell commands and a Python snippet using pyautogui to move/click the user's UI, then driving the browser to read page text and take screenshots. This grants the agent the ability to access any content visible in the logged-in browser (messages, private data, etc.). The guidance to 'bypass robot detection' is also a red flag for potentially abusive behavior. The instructions do not limit which sites or selectors are used, increasing exfiltration risk.
Install Mechanism
There is no formal install spec in the skill (it is instruction-only), which is lower risk from code install perspective. The doc advises 'npm install -g playwriter@latest' and installing a Chrome extension by ID — these are external actions the user must perform. The skill omits mention of Python/pyautogui installation and doesn't verify package provenance; installing third-party npm packages and browser extensions can introduce risk if the sources are untrusted.
Credentials
The skill asks for no environment variables or explicit credentials, but it operates on the user's already-logged-in browser and extension connection, implicitly accessing session cookies, account data, and any site content the browser can view. That level of access is disproportionate to a simple 'ask expert' helper unless the user explicitly consents and isolates the browser profile.
Persistence & Privilege
The skill does not request always:true and does not modify system or other skills' configs. However, the platform default allows autonomous invocation; combined with the ability to control a logged-in browser and capture content, that increases potential impact if the skill is invoked autonomously. The skill itself does not demand persistent installation.
Scan Findings in Context
[no_regex_findings] expected: Scanner reported no regex findings. This is expected because the skill is instruction-only (no code files) so the static regex scanner had nothing to analyze.
What to consider before installing
This skill will run shell and Python commands that control your real Chrome window and read page contents or screenshots from sites where you're logged in. Before installing or running it: (1) only proceed if you trust the Playwriter npm package and the Chrome extension ID mentioned — inspect the extension's permissions and source; (2) avoid using it with browser profiles that contain sensitive accounts or data (use a disposable/profiled browser instance instead); (3) be cautious about following instructions that say to 'bypass robot detection' — that can violate site terms and be abusive; (4) the SKILL.md omits steps like installing pyautogui and doesn't sandbox the browser access, so run it in a controlled environment if you must test it; (5) if you want lower risk, prefer a skill that uses a server-side API or a dedicated automation profile rather than controlling your primary logged-in browser. If you need help verifying the extension or running this safely, seek advice or inspect the extension's source and the npm package before installing.
