Playwright Commander

Security checks across static analysis, malware telemetry, and agentic risk

Overview

Prompt-injection indicators were detected in the submitted artifacts (system-prompt-override, base64-block, unicode-control-chars); human review is required before treating this skill as clean.

Install only if you want the agent to control web browsers through Playwright. Treat it like any browser automation tool: use it on intended sites, be careful with logged-in accounts and form submissions, and review the bundled virtual environment because the package source is unknown. ClawScan detected prompt-injection indicators (system-prompt-override, base64-block, unicode-control-chars), so this skill requires review even though the model response was benign.

Static analysis

Dangerous exec (4 findings)

Critical
Finding
Shell command execution detected (child_process).

Dynamic code execution (15 findings)

Critical
Finding
Dynamic code execution detected.

Env credential access (4 findings)

Critical
Finding
Environment variable access combined with network send.

Obfuscated code (3 findings)

Warn
Finding
Potential obfuscated payload detected.

Potential exfiltration (4 findings)

Warn
Finding
File read combined with network send (possible exfiltration).

VirusTotal

No VirusTotal findings for this skill version.

Malicious: 0
Suspicious: 0
Harmless: 0
Undetected: 63

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent can launch a browser, navigate to websites, collect page content, and save screenshots as part of a task.

Why it was flagged

The skill intentionally relies on local command execution to drive browser automation. That is expected for Playwright, but users should recognize that the agent can run these commands when using the skill.

Skill content

This skill is designed for programmatic interaction via `exec` commands, typically orchestrated by an agent.

Recommendation

Use it only for websites and actions you intend the agent to automate, and avoid letting it submit forms or perform account-changing actions unless explicitly requested.

What this means

Browser-page scripts could be run during automation, which may change page state or interact with sensitive web applications if used on logged-in sites.

Why it was flagged

The skill advertises browser-context JavaScript execution. This is normal for advanced Playwright debugging, but it is still a sensitive automation capability.

Skill content

- Execute custom JavaScript within the browser context.

Recommendation

Keep JavaScript execution tied to explicit debugging or testing tasks, and avoid running arbitrary scripts on sensitive or logged-in pages.

What this means

Installing the skill means trusting bundled dependency code, not just a short instruction file.

Why it was flagged

The skill includes a helper script plus a bundled Python virtual environment with large third-party dependencies. These dependencies are expected for Playwright, but the source is unknown and there is no install spec to explain provenance.

Skill content

scripts/playwright_cli.py ... venv/lib/python3.14/site-packages/playwright/ ... venv/lib/python3.14/site-packages/pip/

Recommendation

Prefer a version with clear source provenance, pinned dependency versions, and a documented installation process, or inspect the bundled environment before use.