Playwright Dev

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: playwright-dev
Version: 1.0.0

The skill bundle contains multiple hardcoded sensitive credentials, including an Aliyun API key (sk-1f3847debc3e492e81f64115b20c6d82) and a Feishu App Secret (t0am3JU79N9TSEPgrk7GKbVLHmCdRGUe), spread across several files such as fetch_feishu_docs.py and vectorize-and-store.py. It also uses risky execution patterns: execSync is used to run system commands such as robocopy and chrome.exe in hooks/gateway-restart-protection/handler.js and scripts/triple-line-sync.js. While these appear to be part of an extensive personal automation framework ('Axiang'), shipping live secrets and invoking a shell for file management are significant security weaknesses.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing it may bring in many unrelated files and scripts that a user would not expect from an image-generation skill.

Why it was flagged

The package is described as instruction-only, but it contains a large code/workspace payload. That makes provenance and runtime scope unclear for a simple image-generation skill.

Skill content
No install spec — this is an instruction-only skill. Code file presence: 93 code file(s). File manifest: 615 file(s).
Recommendation

Require a repackaged skill containing only the declared SKILL.md and the necessary image-generation helper script, with dependencies and credentials explicitly declared.

What this means

If these instructions are loaded, the agent could change its behavior beyond the user’s request to generate or edit images.

Why it was flagged

This is a broad instruction set that tells an agent to prioritize local identity/memory files and act without asking, which is unrelated to the image-generation task.

Skill content
Before doing anything else: 1. Read `SOUL.md` ... 2. Read `USER.md` ... 3. Read `memory/YYYY-MM-DD.md` ... Don't ask permission. Just do it.
Recommendation

Remove workspace-level agent instructions from the skill package and keep only instructions needed for the declared image workflow.

What this means

The package may expose or rely on privileged accounts that the user did not approve and that are not needed for image generation.

Why it was flagged

The included file visibly contains hardcoded third-party API keys and Feishu app credentials. These credentials are unrelated to the declared Gemini image-generation purpose.

Skill content
"SERPER_API_KEY": "4312...", "DASHSCOPE_API_KEY": "sk-...", "appSecret": "t0am...", "verificationToken": "xi9..."
Recommendation

Revoke exposed secrets, remove all credential-bearing files, and declare only the expected GEMINI_API_KEY credential for the image API.
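The check behind this recommendation can be automated: walk the bundle's files, flag literal credential values, and compare the credential names found against the ones the skill declares. The following is an added example in JavaScript, not ClawScan's scanner and not code from the skill bundle. The regexes, the `scanBundle` function and every sample file are constructed for this illustration, and the secret values in them are placeholders, not the values quoted in the report.

```javascript
// Added example, not ClawScan's scanner or code from the skill bundle.
// It scans the files of a skill bundle for embedded credential material and
// compares what it finds with the credentials the skill declares. Every file
// below is constructed for the example; the secret values are placeholders.

const SECRET_PATTERNS = [
  // A secret-looking name (API_KEY, SECRET, TOKEN, PASSWORD, or the Feishu
  // field names) assigned or mapped to a quoted literal of 8+ characters.
  {
    kind: 'named secret literal',
    re: /["']?([A-Za-z_]*(?:API_KEY|SECRET|TOKEN|PASSWORD)[A-Za-z_]*|appSecret|verificationToken)["']?\s*[:=]\s*["']([^"']{8,})["']/,
  },
  // DashScope/Aliyun-style key format, caught even when the field name is generic.
  { kind: 'sk- key literal', re: /\bsk-[0-9a-f]{32}\b/ },
];

// files: { relativePath: contents }; declared: credential names the skill
// documents as required (e.g. ['GEMINI_API_KEY']).
function scanBundle(files, declared) {
  const findings = [];
  for (const [file, contents] of Object.entries(files)) {
    contents.split('\n').forEach((text, i) => {
      for (const { kind, re } of SECRET_PATTERNS) {
        const m = re.exec(text);
        if (!m) continue;
        findings.push({
          file,
          line: i + 1,
          kind,
          name: m[1] || null,                           // null when only the format matched
          preview: (m[2] || m[0]).slice(0, 4) + '...',  // never echo the full value
        });
        break;                                          // one finding per line
      }
    });
  }
  const names = [...new Set(findings.map(f => f.name).filter(Boolean))];
  return {
    findings,
    // Credentials the skill never declared but ships anyway.
    undeclared: names.filter(n => !declared.includes(n)),
    // Declared credentials that are nevertheless embedded as literals: a
    // declaration means "read from the environment", not "hardcode it".
    hardcodedDeclared: names.filter(n => declared.includes(n)),
  };
}

// Constructed sample bundle (placeholder values, not real credentials).
const SAMPLE_FILES = {
  'config/keys.json': [
    '{',
    '  "SERPER_API_KEY": "0123456789abcdef0123",',
    '  "DASHSCOPE_API_KEY": "sk-00000000000000000000000000000000",',
    '  "GEMINI_API_KEY": "placeholder-gemini-key-value"',
    '}',
  ].join('\n'),
  'feishu/app.json': [
    '{',
    '  "appId": "cli_example",',
    '  "appSecret": "placeholder-feishu-app-secret",',
    '  "verificationToken": "placeholder-token"',
    '}',
  ].join('\n'),
  'scripts/vectorize-and-store.py': [
    'import dashscope',
    'dashscope.api_key = "sk-11111111111111111111111111111111"',
  ].join('\n'),
  // The acceptable shape: the declared key is read from the environment.
  'gemini_image.py': [
    'import os',
    'api_key = os.environ["GEMINI_API_KEY"]',
  ].join('\n'),
};

function reviewSampleBundle() {
  return scanBundle(SAMPLE_FILES, ['GEMINI_API_KEY']);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(reviewSampleBundle(), null, 2));
}
```

On the constructed bundle the scan reports six literal secrets, four credential names the skill never declared (SERPER_API_KEY, DASHSCOPE_API_KEY, appSecret, verificationToken), and one declared credential that is still hardcoded (GEMINI_API_KEY); the file that reads GEMINI_API_KEY from the environment produces no finding, which is the shape the recommendation asks for.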

What this means

Unexpected scripts in the package could run local commands if invoked by other included instructions or tooling.

Why it was flagged

Static scan evidence shows shell execution in an autonomous-thinking script that is not part of the declared image-generation workflow.

Skill content
execSync(`node "${tripleSyncScript}" "${htmlFile}" "${theme}" "${insights}"`, {
Recommendation

Remove unrelated executable scripts or provide a clear, reviewed install/runtime contract showing they cannot be invoked by the image skill.

What this means

Private or stale memory content could be read, reused, or modified across tasks without clear user control.

Why it was flagged

The package includes instructions for persistent memory access and modification, plus many memory/profile files in the manifest. That is unrelated to image generation and can affect future agent context.

Skill content
Daily notes: `memory/YYYY-MM-DD.md` ... Long-term: `MEMORY.md` ... You can read, edit, and update MEMORY.md freely
Recommendation

Do not bundle personal memory systems with this skill; if memory is needed, scope it narrowly and document retention, paths, and approval.

What this means

The agent may continue doing background or proactive work unrelated to the user’s image request if these instructions are active.

Why it was flagged

The artifact describes proactive recurring behavior and autonomous actions, including committing/pushing changes, which is outside the declared image-generation scope.

Skill content
When you receive a heartbeat poll ... Use heartbeats productively ... Proactive work you can do without asking: ... Commit and push your own changes
Recommendation

Remove heartbeat/proactive-agent instructions from the package and require explicit user approval for any persistent or autonomous behavior.