Playwright Scraper Skill

Security checks across malware telemetry and agentic risk

Overview

This is a Playwright scraping skill whose anti-bot evasion and local page captures (screenshots, saved HTML) are disclosed in its own documentation; no hidden exfiltration, credential use, or background persistence was found.

Install and run this only for sites you are authorized to access and scrape. Treat screenshots and saved HTML as potentially sensitive local files, avoid authenticated or private pages unless you can protect and delete the outputs, and prefer a disposable or containerized workspace because Playwright downloads and runs browser binaries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%
Finding
The scraper requests geolocation permission even though its stated purpose is only page scraping. Unnecessary sensor/location permissions expand the browser's capabilities and can expose precise location data to visited sites or enable future code changes to collect it without additional review.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The README explicitly promotes stealth scraping and anti-bot evasion techniques such as hiding automation signals and simulating human behavior, but it provides no warning about legal, contractual, privacy, or service-impact constraints. In a scraping skill, that omission materially increases misuse risk because users are encouraged to bypass protections without guidance on authorized use, rate limits, or compliance obligations.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
Documenting screenshot and HTML-saving capabilities without warning that captured pages may contain personal data, credentials, tokens, or other sensitive content can lead users to persist sensitive information unintentionally. In a browser automation context, saved artifacts often outlive the session and may be exposed through insecure storage, logs, backups, or sharing.

Missing User Warnings

Severity: Low
Confidence: 85%
Finding
The environment-variable examples encourage writing screenshots and HTML to local disk but do not warn that these files persist after execution and may be readable by other users, processes, backups, or later workflows. This is a lower-severity documentation issue, but it can still contribute to accidental data retention and disclosure, especially on shared systems or CI environments.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The README explicitly promotes stealth scraping, anti-bot evasion, screenshot capture, and HTML saving, but provides no guidance on authorization, privacy, data retention, or legal/operational impact on target sites. In a scraping skill, this omission increases the likelihood of misuse against protected sites and collection of sensitive content, especially because the documentation frames anti-bot bypass as a recommended default workflow.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill advertises that the stealth scraper outputs screenshots and saved HTML, but does not clearly warn users that these artifacts may contain sensitive page content, session data rendered in-page, personal information, or copyrighted material. In an agent setting, silent persistence of scraped artifacts can create privacy leakage, unintended data retention, and local filesystem exposure.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This section explicitly promotes stealth scraping, hiding automation markers, mimicking human behavior, and considering proxy IPs to bypass anti-bot defenses, without any warning about legal, privacy, policy, or operational risks. In context, this makes the skill more dangerous because it is not merely scraping content; it is instructing users how to evade detection and potentially access sites contrary to site restrictions, increasing the chance of abuse and downstream liability.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README explicitly encourages saving screenshots and full HTML from scraped pages but does not warn that these artifacts may contain personal data, authenticated content, tracking tokens, or other sensitive information. In a scraping skill, normalizing this workflow without privacy and retention guidance increases the likelihood of overcollection, insecure storage, or downstream misuse of captured data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The README provides direct guidance for using a stealth scraping mode against an anti-bot protected site, but includes no warning about legal restrictions, terms-of-service violations, rate limiting, or operational harm to target systems. Because the skill is specifically positioned as bypassing anti-bot protections, the context makes misuse more likely and elevates concern beyond a generic scraping example.

Missing User Warnings

Severity: Medium
Confidence: 74%
Finding
The script can write a screenshot to an arbitrary path from the SCREENSHOT_PATH environment variable without any confirmation, path restrictions, or disclosure to the caller. In agent or automation contexts, silent disk writes can create privacy and data-handling risks, and could overwrite unintended files if the path is attacker-controlled.

Natural-Language Policy Violations

Severity: Medium
Confidence: 78%
Finding
Forcing a Chinese locale and Shanghai timezone alters the browser fingerprint to impersonate a specific user environment, which goes beyond neutral scraping behavior. In an anti-bot scraping skill, this increases concern because it is designed to evade site detection and may misrepresent operator context without consent.

VirusTotal

65/65 vendors flagged this skill as clean.
