Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Playwright Cli
v1.0.0Playwright CLI 自动化工具 - 浏览器自动化测试和网页交互。通过 CLI 命令控制浏览器、截图、填表、点击、执行代码等操作。支持多浏览器、会话管理、网络拦截、视频录制等功能。
⭐ 0· 44·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill claims to be a Playwright CLI helper, which justifies commands like open, click, screenshot. However the metadata lists no required binaries or install steps while the instructions explicitly require npm/node and installing a global package (@playwright/cli). The SKILL.md also references environment variables (PLAYWRIGHT_MCP_*) that are not declared in the registry metadata. The omission of required runtime prerequisites (npm/node, ability to install global binaries) is an incoherence.
Instruction Scope
The instructions tell the agent to run commands that can read and modify browser cookies, localStorage, save/load state, upload files, intercept network requests, record video/traces, forcibly kill browser processes, attach to running browsers, and run arbitrary code via 'run-code' or executing files. Those are valid Playwright capabilities but they give the agent broad ability to access and exfiltrate sensitive page data and local files; the skill text gives the agent discretion to perform these actions without limits.
Install Mechanism
The package is instruction-only (no install spec), but SKILL.md instructs 'npm install -g @playwright/cli@latest' and 'playwright-cli install --skills'. A global npm install modifies the host, may require elevated/write permissions, and is not captured in the registry metadata. Because installation is left to runtime commands, there's a risk the agent will fetch and execute code from npm without explicit provenance, version pinning, or sandboxing.
Credentials
The registry shows no required env vars or credentials, but the SKILL.md documents multiple environment variables (PLAYWRIGHT_MCP_*) controlling behavior. Additionally, runtime operations described (state-save/load, cookie/localStorage access, file upload/download, network routing) imply access to local files and browser secrets even though none of that is declared. The lack of declared env/permission requirements is inconsistent with what the instructions actually use and enable.
Persistence & Privilege
The skill does not request 'always: true' and does not claim to modify other skills. However, following the instructions will create persistent artifacts on the host (global npm package, saved outputs, recordings, saved state files) and may require elevated filesystem access. That persistence is not represented in the metadata and should be considered by deployers.
What to consider before installing
This skill's instructions are coherent with a Playwright CLI tool but the package metadata omits key facts and the runtime actions are powerful: - The SKILL.md requires npm/node and suggests running 'npm install -g', but the skill metadata doesn't declare these. Expect the install to write to disk and possibly require elevated permissions. - The CLI can read cookies, localStorage, saved states, upload files, intercept network requests, and execute arbitrary code (run-code), which could expose sensitive site data or local files. - Before installing: verify the source and npm package owner, prefer pinned versions (avoid '@latest'), and consider installing in a sandbox/container or using a non-global, audited install. - If you allow an agent to run this skill autonomously, restrict it from running on machines with sensitive data and avoid granting it broad filesystem or network access. - If you need this capability, ask the publisher to update metadata to declare required binaries (node, npm), environment variables, and to provide a trusted install mechanism or checksum; without that, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97c303b5ckdthpbxkejzq5pex84rw5v
License
MIT-0
Free to use, modify, and redistribute. No attribution required.