Security audit

Playwright WS

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uses a user-configured remote Playwright server for screenshots, PDFs, and tests, with privacy risk that users should understand.

Install only if you trust or control the Playwright WebSocket server. Avoid using it for sensitive or authenticated sites unless that server is authorized to process the page contents, cookies, screenshots, PDFs, and test activity.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README promotes remote browser automation over a WebSocket endpoint but does not clearly disclose that visited page content, cookies/session state, screenshots, PDFs, and automation activity may be transmitted to and processed by a remote Playwright server. In an agent setting, this omission can cause users to route sensitive internal URLs or authenticated browsing sessions to infrastructure they do not control, creating confidentiality and privacy risks.

Missing User Warnings

Medium
Confidence: 85%
Finding
The storageState example saves authenticated browser state to auth.json without warning that the file may contain session cookies and other authentication material. In a browser automation skill connected to a remote Playwright server, this can normalize unsafe handling of reusable credentials and lead users to persist secrets in insecure locations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script connects to a remote Playwright server and then loads an arbitrary user-supplied URL without clearly warning the user that page content, session data, rendered DOM, and browsing activity may be exposed to the remote server operator. In this skill's context, remote browser automation is the core feature, which makes the behavior expected but also increases the importance of explicit disclosure and trust boundaries because users may process sensitive internal pages or authenticated content.

VirusTotal

64/64 vendors flagged this skill as clean.
