ClawHub

Playwright Cli

Security checks across malware telemetry and agentic risk

Overview

This is a useful browser automation skill, but it gives an agent broad control over browser sessions, stored data, files, and page code without clear safety limits.

Review carefully before installing. Use a separate browser profile and test accounts, avoid sensitive logged-in sessions, pin and verify the npm package, and require explicit approval before using run-code, uploads, cookie/storage changes, network capture, tracing/video, persistent state, delete-data, close-all, or kill-all.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation exposes state-changing capabilities such as cookie/localStorage modification, state save/load, session deletion, close-all, kill-all, and persistent profile handling without clearly warning that these actions can alter data, terminate sessions, or affect active browser state. In an agent setting, this increases the risk of unintended destructive actions against user sessions, authenticated contexts, or stored browser data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises code execution, network inspection, file output, tracing, screenshots, PDFs, and video recording without privacy or security guidance. These features can expose sensitive page content, authentication data, internal network traffic, or enable arbitrary script execution in the browser context, making the skill materially more dangerous in an autonomous agent workflow.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal