Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
playwright-browser
v1.0.0
Use Playwright to browse websites with a real (non-headless) browser and extract data by hooking network responses. Use when the user wants to: - View a webs...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes non-headless Playwright browsing and network hooking, which matches browser_agent.py and the 12306/test scripts. However, the bundle also contains scripts that read user files and write to the user's Desktop (intercept_sina_images.py saves images to ~/Desktop/sina; parse_attendance.py reads ~/Desktop/考勤 and writes an Excel file). parse_attendance.py is unrelated to the stated browsing purpose. Those file-access behaviors are not declared in the skill metadata and are disproportionate to the described capability.
Instruction Scope
SKILL.md instructs installing Playwright and using the SyncBrowserAgent APIs; it does not warn that example scripts will read from or write to the user's home/Desktop. The code registers network response handlers and some example scripts automatically save binary responses to disk and read local directories — actions outside the SKILL.md's advertised scope and not restricted or highlighted in the runtime instructions.
Install Mechanism
No install spec in registry; SKILL.md instructs pip install playwright and playwright install chromium (standard for Playwright). There are no obscure URL downloads in the bundle. The Playwright browser installation will download browser binaries (expected).
Credentials
The skill declares no required environment variables or config paths, yet multiple scripts access the local filesystem under the user's home directory (e.g., SAVE_DIR = ~/Desktop/sina and INPUT_DIR = ~/Desktop/考勤). This file I/O is not reflected in metadata and can expose or modify user data without an explicit declared permission or prompt.
Persistence & Privilege
The skill is not always-enabled and does not request elevation or modify other skills' configs. It runs code only when invoked; there is no declared persistent/auto-install behavior in the manifest.
What to consider before installing
This skill contains legitimate Playwright browser automation code, but also includes example scripts that will read from and write to your home/Desktop without that being declared. Before installing or running:
1) Review or remove scripts you don't trust (notably intercept_sina_images.py and parse_attendance.py). intercept_sina_images.py will save images to ~/Desktop/sina; parse_attendance.py will read ~/Desktop/考勤 and write an Excel file — run these only on a non-sensitive machine or in a sandbox.
2) Expect Playwright to download browser binaries when you run 'playwright install chromium'.
3) Ask the publisher why an attendance parser (parse_attendance.py) is bundled with a browser-scraping skill; this looks unrelated.
4) If you must run it, run a targeted script (browser_agent.py) rather than running all included examples, and inspect any script that performs filesystem operations.
5) If you need higher assurance, run the code in an isolated VM or container and restrict its filesystem access.
Like a lobster shell, security has layers — review code before you run it.
