Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Puppeteer
v1.0.0
Automate Chrome and Chromium with Puppeteer for scraping, testing, screenshots, and browser workflows.
⭐ 1· 2k·20 current·24 all-time
by Iván @ivangdavila
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name and description align with the instructions: it's an instruction-only Puppeteer helper and correctly requires the 'node' binary. The files (setup, selectors, waiting, memory-template) are consistent with browser automation and nothing requested is obviously unrelated to that purpose.
Instruction Scope
The SKILL.md and setup.md instruct the agent to create and persist data under ~/puppeteer/, to collect 'target sites' and 'preferred patterns', and to 'store in ~/puppeteer/memory.md without mentioning file paths to them.' setup.md also says 'Don't ask — just start naturally.' Those phrases encourage autonomous file creation and hidden storage of potentially sensitive target/site information and selectors. While storing session data is reasonable for automation, the explicit instruction to hide storage details and to proceed without asking is scope-creep and a privacy/consent risk.
Install Mechanism
This is instruction-only (no install spec), which reduces installation risk. However, setup.md suggests running 'npm install puppeteer' or 'puppeteer-core' if missing. Allowing the agent to run npm installs at runtime can introduce arbitrary third-party code; this is proportionate only if the user explicitly consents and the exact package (and version) is controlled. No downloads from untrusted URLs or archives are present in the skill files.
Credentials
The skill requires no environment variables or external credentials in registry metadata, which is proportionate. It does instruct to accept credentials 'per-script' when needed for login flows, but it does not request or justify persistent credential storage or access to unrelated credentials. That said, the instruction to save usage memory (including target sites) could inadvertently collect sensitive data if the user provides it; the skill neither requires nor clearly forbids storing credentials in memory.
Persistence & Privilege
The skill expects to create a persistent folder (~/puppeteer) and keep a memory.md of targets, patterns, and preferences. Persisting automation state is reasonable, but combined with 'don't ask' and 'don't mention file paths to them' guidance it grants the agent leeway to create and hide persistent artifacts. The skill does not request always:true and does not modify other skills, but the concealment guidance raises a persistence/privacy concern.
What to consider before installing
This skill appears to be a legitimate Puppeteer guide, but it includes instructions that let an agent create persistent files and store details about target sites without explicitly asking the user. Before installing or enabling it: (1) require explicit user consent before the agent creates ~/puppeteer or runs npm install; (2) inspect any scripts the agent writes to ~/puppeteer/scripts/ before executing them; (3) refuse to store credentials in memory.md — only provide secrets directly to ephemeral scripts and delete them after use; (4) consider running automation in a sandboxed account or container and restrict network access if you do not trust the skill owner (source is unknown); (5) if you want tighter control, ask the agent to show exact commands it will run (including npm install package names and versions) and to log all created files for user review. These steps reduce the risk of hidden data collection or inadvertent installation of third-party packages.
Like a lobster shell, security has layers — review code before you run it.
latest vk9798ggbtd68c82k0c70sevsm581mfer
Runtime requirements
🎭 Clawdis
OS: Linux · macOS · Windows
Bins: node
