Coco Playwright Stealth 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Playwright scraping skill, but it needs Review because it promotes anti-bot bypassing and weakens browser containment while saving page captures without adequate warnings.

Install only if you intend to run a scraping tool and have permission to access the target sites. Use deterministic installs, run it in an isolated environment, avoid logged-in or sensitive pages, review any screenshots or saved HTML before sharing, and be aware that stealth scraping or proxy use may violate site rules or laws.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Context-Inappropriate Capability

Severity: Medium
Confidence: 87%
Finding:
The scraper requests geolocation permission even though the stated purpose is generic web scraping, and the script does not appear to use location APIs. Unnecessary access to sensitive browser permissions expands data exposure and can enable collection or disclosure of user/environment location information without a clear business need. In a scraper that already uses stealth techniques to evade bot detection, this extra permission is more suspicious because it can help impersonate a real user environment.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The README advertises screenshot and HTML saving features but does not warn users that these artifacts may persist sensitive page content, authentication state visible in the page, personal data, or proprietary information to local disk. In a scraping skill, this omission is security-relevant because users may run the tool against logged-in or protected pages and unintentionally create sensitive files in insecure locations such as /tmp or shared workspaces.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The skill advertises screenshot and HTML saving support without warning users that these artifacts may capture session data, personal information, tokens embedded in pages, or other sensitive content. Because scraping targets dynamic and possibly authenticated pages, silent local persistence increases the risk of unintended data retention and later disclosure.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill explicitly promotes anti-bot evasion techniques such as hiding automation markers, mimicking human behavior, and considering proxy IPs, but provides no warning about legal, policy, privacy, or account-ban risks. In context, this is more dangerous because the skill is specifically positioned to bypass site defenses, which can facilitate unauthorized scraping and abuse at scale.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The README explicitly demonstrates saving screenshots and full HTML to local disk without warning that scraped pages may contain sensitive, proprietary, or personal data. In a scraping skill, this can lead users to persist regulated or confidential content unintentionally, increasing risk of local data exposure, retention, and mishandling.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The examples highlight scraping an anti-bot-protected site and later recommend delays to avoid IP blocking, but provide no warning about legal, privacy, terms-of-service, or operational consequences. This materially lowers friction for evasive scraping behavior and can encourage misuse against sites that actively restrict automated access.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content:
  "author": "多米",
  "license": "MIT",
  "dependencies": {
    "playwright": "^1.40.0"
  }
}
Confidence: 90%
Finding:
  "playwright": "^1.40.0"

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory: CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

Severity: High
Category: Supply Chain
Confidence: 98%
Finding:
  playwright==1.40.0

VirusTotal

64/64 vendors flagged this skill as clean.
