Playwright (Automation + MCP + Scraper)

Security checks across malware telemetry and agentic risk

Overview

This is a normal Playwright browser automation guide with disclosed tooling and no evidence of hidden or malicious behavior.

Install this if you want Playwright automation help. Use it only on sites and apps you are authorized to test, prefer staging or test accounts for sensitive flows, and restrict access/retention for CI traces, screenshots, videos, and reports because they may capture credentials or private page data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The guidance to always keep traces and failure artifacts is risky because Playwright traces, screenshots, videos, and HTML reports can capture credentials, session cookies, personal data, internal URLs, and other sensitive application state. In a CI/CD context, those artifacts are often uploaded to shared systems and retained for days, which increases the chance of unauthorized disclosure if access controls are weak or artifacts are shared broadly.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal