Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

HTML-to-Selenium: web page element recognition and Selenium automation

v2.0.7

EN: Convert any webpage into a runnable Python Selenium automation script. Triggers: "analyze page", "generate selenium", "web automation", "help me do xxx"....

by 张 庆 (Zhang Qing) @icestorms · duplicate of @icestorms/html-to-selenium
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's stated purpose (fetch a URL with Playwright, analyze DOM, and generate Selenium code) is coherent with the included code and docs. However the registry metadata at the top claims 'Required env vars: none' / 'Primary credential: none' while SKILL.md, MANIFEST.md and fetch_page.py explicitly reference environment variables (ROUTER_USERNAME / ROUTER_PASSWORD / ROUTER_USER / ROUTER_PASS) and support auto-login. That metadata mismatch is an incoherence that can mislead users about what secrets the skill will access.
! Instruction Scope
Runtime instructions direct Playwright to capture full page HTML and screenshots and instruct the AI to analyze DOM and extract 'key info' including 'Session Token' if visible. The skill also supports automated login flows (using credentials from CLI, env, or chat) and will attempt to click/submit forms. Those behaviors are consistent with the purpose but broaden the data the agent will touch (rendered HTML, possibly cookies/embedded tokens). The SKILL.md claims 'fetch_page.py does not actively extract or transmit cookies/session' but the AI analysis is allowed to extract data present in the DOM — this is a sensitive-data handling area and the instructions give the agent discretion to extract credentials-like values from page content.
Install Mechanism
No install spec in the registry (skill is instruction-only) and all code is bundled locally (no remote downloads). The documentation instructs users to 'pip install playwright selenium' and run 'playwright install chromium' — installing Playwright will download browser binaries. There are no obfuscated or remote download URLs in the bundle, but the skill will require installing packages that themselves download runtime artifacts (Playwright browsers).
! Credentials
The code and SKILL.md accept credentials via CLI, chat, or environment variables (ROUTER_USERNAME/ROUTER_PASSWORD and aliases). These env vars are reasonable for an auto-login feature, but the registry claims none are required — a mismatch. The skill's credential-handling behavior is under-specified: it may read env vars automatically (fetch_page.py does so) and will accept credentials provided in chat, which increases risk of accidental exposure of real credentials. The number and naming of env vars is modest and relevant to the stated function, but the metadata inconsistency is a red flag.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It runs locally (Playwright/Selenium) and reads environment variables and writes files (screenshots, html.html, meta.json) into the chosen output directory — these are appropriate for its purpose and properly scoped.
What to consider before installing
This skill appears to do what it says (capture a page and generate Selenium scripts), but there are a few things to check before installing or running it:
- Metadata mismatch: the registry claims no env vars required, but the skill and its scripts read ROUTER_USERNAME / ROUTER_PASSWORD (and aliases). Treat that as a warning — verify which env vars the deployed skill will actually read.
- Credentials: do not provide high-privilege or production credentials. If you must test auto-login, use a throwaway/test account. Prefer passing credentials via CLI on a trusted machine rather than putting them in long-lived environment variables.
- Sensitive page content: the skill fetches full rendered HTML and screenshots; those can contain tokens, CSRF values, or other secrets. Review outputs (html.html, meta.json, screenshots) in a safe environment and avoid processing sensitive internal pages unless you trust the environment.
- Installation: the skill expects Playwright + Selenium; installing Playwright will download browser binaries. Run installation in an isolated virtualenv/container.
- Run-time behavior: disable automatic login (do not pass --login) unless you explicitly want it and understand where credentials come from. Inspect generated Selenium scripts before executing them.
- Clarify with the skill author or vendor: ask why registry metadata omits the env vars and confirm how credentials are handled/retained/logged.
If any of these concerns are unacceptable (unexpected env reads, automatic credential usage, or running against sensitive sites), do not enable the skill or run it only in an isolated/test environment.

Like a lobster shell, security has layers — review code before you run it.
