Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Playwright WS

v1.0.2

Browser automation via remote Playwright WebSocket server for screenshots, PDFs and testing.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for first-it-consulting/playwright-ws.

Install the skill "Playwright WS" (first-it-consulting/playwright-ws) from ClawHub.
Skill page: https://clawhub.ai/first-it-consulting/playwright-ws
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: PLAYWRIGHT_WS
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install playwright-ws

ClawHub CLI

npx clawhub@latest install playwright-ws

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description (remote Playwright over WebSocket) match the code and SKILL.md. Required binary (node) and required env var (PLAYWRIGHT_WS) are appropriate and necessary for the skill's function. The scripts implement screenshots, PDF export, and a test runner which is consistent with the description.
Instruction Scope
SKILL.md and scripts only instruct connecting to a user-provided PLAYWRIGHT_WS endpoint and running the included scripts; they do not read unrelated system files or unexpected env vars. Important security note: any Playwright WebSocket server you connect to can control the browser and see page content (including forms, cookies/storage if used), so the remote server operator can observe or exfiltrate data from pages you render. This is expected behavior for a remote Playwright integration but is a real privacy/security consideration.
Install Mechanism
There is no platform install spec in registry metadata (instruction-only), but SKILL.md tells users to run `npm install`. package.json declares the 'playwright' dependency which typically pulls large packages and may download browser binaries on install. This is not malicious, but it can be heavyweight and may be unnecessary if you only want remote operation; consider using PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD or using playwright-core if you want to avoid local browser downloads.
Credentials
The skill declares a single env var (PLAYWRIGHT_WS) as the primary credential which is proportionate. No unrelated secrets or multiple credentials are requested. Be aware that PLAYWRIGHT_WS functions as an endpoint/credential — providing it to the skill grants that server the ability to drive a browser session and view rendered content.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide configuration. It is user-invocable and can be invoked autonomously (platform default), which is expected and not flagged here.
Assessment
This skill appears to do what it claims: connect to a Playwright WebSocket server to take screenshots, generate PDFs, and run tests. Before installing, make sure:

  1) PLAYWRIGHT_WS points to a server you trust — that server can view and control every page you open (so do not point it at pages with secrets unless you trust the operator);
  2) you understand npm install will pull the Playwright package (and may download browser binaries) — set PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD if you want to avoid browser downloads;
  3) prefer wss:// URLs when crossing untrusted networks;
  4) review package.json/package-lock if you require strict dependency vetting.

If you need to avoid any remote exposure, run Playwright locally instead of using a remote WS endpoint.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • scripts/package-for-clawhub.js:83 - Shell command execution detected (child_process).
  • scripts/package-skill.js:72 - Shell command execution detected (child_process).
  • scripts/test-runner.js:45 - Shell command execution detected (child_process).

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎭 Clawdis
Bins: node
Env: PLAYWRIGHT_WS
Primary env: PLAYWRIGHT_WS
latest: vk9787apefy9hdsh5mpgwtd063d82vywn
406 downloads
0 stars
3 versions
Updated 10h ago
v1.0.2
MIT-0

Playwright Skill

Remote browser automation via Playwright WebSocket server. No local browser installation required.

Use Cases

| Task | Script | Description |
|------|--------|-------------|
| Screenshot | scripts/screenshot.js | Capture screenshots of web pages |
| PDF | scripts/pdf-export.js | Generate PDFs from URLs |
| Test | scripts/test-runner.js | Run Playwright tests remotely |

Installation

cd playwright-skill
npm install
export PLAYWRIGHT_WS=ws://your-server:3000

Quick Start

# Screenshot
node scripts/screenshot.js https://example.com screenshot.png --full-page

# PDF
node scripts/pdf-export.js https://example.com page.pdf

Configuration

Set the PLAYWRIGHT_WS environment variable to your Playwright WebSocket URL:

export PLAYWRIGHT_WS=ws://your-playwright-server:3000

Scripts

  • screenshot.js - Take screenshots with options
  • pdf-export.js - Generate PDFs
  • test-runner.js - Run remote tests

References

  • references/selectors.md - Selector strategies
  • references/api-reference.md - API documentation
