Playwright Pro

Security checks across malware telemetry and agentic risk

Overview

This testing skill mostly matches its Playwright purpose, but it can share test results or modify third-party testing records without clear confirmation steps.

Install only if you want an agent to create, edit, run, and report on Playwright tests. Before enabling Slack, TestRail, or BrowserStack, use scoped test-service credentials, prefer test/staging projects, confirm every external write or post, and avoid running state-changing templates against production data.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection

Findings (21)

Description-Behavior Mismatch

Medium
Confidence: 92%
Finding
The skill advertises itself as only generating a test report, but its documented behavior also includes sending results to Slack and pushing data to TestRail. This creates a capability/description mismatch that can cause users or calling systems to invoke it without realizing it may transmit test data externally.

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill automatically inspects the environment and chooses external destinations based on discovered configuration, including Slack and TestRail. Automatic environment-based routing increases the chance of unintended data exfiltration because merely having a webhook or service URL configured can trigger outbound sharing without explicit user intent.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The Slack webhook feature is an outbound network capability that is not clearly declared in the skill's stated purpose of generating a report. Because failed test details can contain stack traces, URLs, tokens, internal paths, or other sensitive data, sending them to Slack without clear disclosure materially increases exposure risk.

Context-Inappropriate Capability

Medium
Confidence: 91%
Finding
The template includes a destructive deletion workflow even though the skill is framed as empty-state testing. In a production-grade testing toolkit, users may copy this directly into real environments or shared test data, causing unintended data loss and expanding the template's behavior beyond safe read-only validation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation shows writing Playwright authentication state to `.auth/user.json`, which can contain reusable session cookies and tokens, but it does not warn readers that this file is sensitive and should be protected. In a production-grade testing skill, this omission can lead users to commit session artifacts to source control, leak them in CI artifacts, or reuse privileged admin sessions insecurely.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill directs the agent to create and modify repository files such as Playwright config, tests, CI workflows, `.gitignore`, and `package.json` without explicitly requiring user confirmation or warning that these are persistent repository changes. In an agent setting, this can lead to unexpected source-control modifications, CI changes, and project reconfiguration that the user did not knowingly authorize.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs running package installation and test commands such as `npm init playwright`, `npm install`, `npx playwright install`, and `npx playwright test` without warning that these execute external tooling, download dependencies, may install system packages, and can alter the local environment. This is risky in an automated agent context because it can trigger network access, environment mutation, and unreviewed code execution from project scripts or dependencies.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrases include broad natural-language terms such as "migrate tests," "convert tests," and "replace selenium," which can match ordinary user requests that are not explicitly asking to invoke this skill. In an agent environment, overly broad activation increases the chance of unintended execution, causing the agent to scan repositories, propose migrations, or initiate follow-on actions in the wrong context.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill describes posting summaries to Slack without an explicit warning or consent step for external transmission. In this context, test outputs often include sensitive operational details, so silent transmission to a webhook can leak internal information outside the local environment.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs the agent to upload Playwright test outcomes and failure messages to TestRail, which is an external service, but provides no explicit warning or consent checkpoint about transmitting potentially sensitive project metadata, stack traces, URLs, or internal error details. In a CI/testing context, failure messages often contain secrets, internal hostnames, customer data, or proprietary implementation details, so silent export increases the risk of unintended data disclosure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill requires TestRail URL, username, and API key environment variables but does not warn users that the workflow accesses an external account using sensitive credentials. This omission can lead users to expose production or high-privilege credentials to automation without understanding the scope of access or the need for secure storage and least-privilege handling.

Missing User Warnings

Medium
Confidence: 87%
Finding
The template explicitly instructs use of real authentication material including API tokens, refresh tokens, API keys, and session cookies, but provides no warning to use test-only credentials, no guidance on secret storage, and no restriction against pointing tests at production or third-party endpoints. In a Playwright testing skill, this is more dangerous because users are likely to copy-paste the template into CI pipelines or shared repos, increasing the chance of credential exposure, misuse against live systems, or accidental logging of secrets.

Missing User Warnings

Medium
Confidence: 93%
Finding
The template includes create, update, delete, and trigger-style mutation examples that can modify or remove live data, but it does not warn users to run them only against test environments or disposable fixtures. In a production-grade testing skill, users may copy these examples directly into real environments, creating an avoidable risk of destructive changes during test execution.

Missing User Warnings

Medium
Confidence: 89%
Finding
The template requires a bearer token and demonstrates sending it in requests, but gives no guidance on secure secret handling, storage, or avoiding accidental disclosure in source control, logs, screenshots, and reports. Because this is a reusable template for browser/API testing, users may hardcode real credentials into test files or CI configuration and expose privileged API access.

Missing User Warnings

Medium
Confidence: 89%
Finding
The template instructs users to run tests with real bearer tokens against a rate-limited production-like endpoint and intentionally exhaust the quota, but it does not warn that doing so will transmit credentials and consume API rate-limit capacity. In a testing toolkit context, users may paste privileged tokens and target shared environments, causing service disruption, false alarms, or unintentional impact on other users and automation.

Missing User Warnings

Medium
Confidence: 94%
Finding
The template explicitly requires highly sensitive values including a username/password pair, a TOTP secret, and a backup code, but provides no guidance on secure storage, redaction, or preventing these secrets from being committed to source control, logs, screenshots, or CI output. In a Playwright testing skill, this is more dangerous because test artifacts and shared templates are commonly copied into repositories and pipelines, increasing the likelihood of credential and MFA secret exposure and reuse against real accounts.

Missing User Warnings

Medium
Confidence: 94%
Finding
This template automates a real payment submission flow and interpolates values like `baseUrl` and card numbers without any prominent warning or guardrail that only test environments and sanctioned test cards must be used. In the context of a production-grade Playwright toolkit, users may copy or run the example against live checkout endpoints, which could trigger unintended charges, payment processor activity, fraud controls, or order creation.

Missing User Warnings

Medium
Confidence: 80%
Finding
The template provides a ready-to-use permanent deletion flow without any warning that it is destructive and may irreversibly remove data. In a production-grade testing toolkit, this increases the chance that an agent or user applies the test against shared, persistent, or misconfigured environments, causing unintended data loss.

Missing User Warnings

Medium
Confidence: 91%
Finding
The template explicitly models use of real-looking verification tokens, email addresses, and passwords in browser-driven tests, and places tokens directly in URLs where they can be captured by logs, screenshots, traces, browser history, proxies, and CI artifacts. In a Playwright/CI context, users may copy this pattern into production-like environments without realizing that verification links and account credentials are sensitive and should be test-only or redacted.

Missing User Warnings

Medium
Confidence: 93%
Finding
This template automates real registration flows and explicitly creates new accounts using unique emails, but it does not warn users that running it will create persistent test data or potentially trigger downstream side effects such as welcome emails, quotas, analytics events, or billing/workflow hooks. In a production-grade testing skill, that omission is materially risky because users may aim it at non-test environments and unintentionally create accounts at scale.

Missing User Warnings

Medium
Confidence: 88%
Finding
The template documents and automates deletion of the last item without any warning about data impact, confirmation requirements beyond UI interaction, or guidance to use disposable test data. Because this skill is meant for browser automation and CI/CD testing, such examples are more dangerous: they are likely to be reused verbatim and executed at scale in connected environments.

VirusTotal

65/65 vendors flagged this skill as clean.
