PW Browser Setup
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill mostly matches its browser-setup purpose, but its verification script can turn a crafted screenshot path into unexpected local Node.js code execution.
Use this skill only if you are comfortable installing Playwright, Chromium, and system GUI dependencies on the machine. Prefer running it in a container or disposable workspace. Avoid passing untrusted screenshot paths to the verification script until the path interpolation issue is fixed, and only use the Feishu upload example if you intentionally want to send the screenshot with your tenant token.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A maliciously crafted screenshot path could make a verification step execute commands beyond taking a browser screenshot.
The second script argument is inserted into a JavaScript string inside a generated `node -e` program without escaping. A crafted path containing quotes and JavaScript syntax could break out of the string and run unexpected Node.js code as the current user.
SCREENSHOT_PATH="${2:-/tmp/browser-setup-verify.png}"
...
node -e " ... await page.screenshot({ path: '$SCREENSHOT_PATH', fullPage: false }); ..."
Do not pass untrusted screenshot paths. The publisher should pass the path via an environment variable or JSON-escaped argument instead of interpolating it into `node -e` source code.
Running the installer changes the local Node.js environment and relies on external package distribution channels.
The installer downloads unpinned npm packages and Playwright browser artifacts. This is expected for a Playwright setup tool, but it means the installed code comes from external package sources at run time.
npm install playwright ... npm install -g playwright ... npx playwright install chromium
Run it only in a workspace where installing npm packages is acceptable, and prefer pinned versions or a reviewed lockfile for reproducible installs.
If sudo is available, the skill can modify system-level packages rather than only files in the current project.
The installer attempts passwordless sudo package installation for Xvfb and Chrome dependencies. This is purpose-aligned for browser automation setup, but it uses elevated OS privileges when available.
sudo -n apt-get update -qq ... sudo -n apt-get install -y -qq xvfb ... libnss3 ... fonts-noto-cjk
Review the package list before running and use a disposable container or VM if you do not want system-level changes.
A background virtual display process may remain running after the browser check completes.
Headed-mode verification can start Xvfb in the background with access control disabled, and the script does not stop it afterward. This is disclosed and relevant to virtual-display setup, but it can persist beyond the verification task.
Xvfb :99 -screen 0 1280x900x24 -ac &
Stop Xvfb when finished if you do not need it, and avoid using headed mode on shared systems unless you understand the display access implications.
If used, the screenshot and Feishu token are sent to Feishu's API.
The documentation includes an optional Feishu API example that uses a tenant token and uploads the generated screenshot. It is user-directed and disclosed, but the metadata does not declare this optional credential use.
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/images" \
  -H "Authorization: Bearer $TENANT_TOKEN" \
  -F "image=@/tmp/browser-verify.png"
Only run the Feishu upload example when you intend to share the screenshot, and protect the tenant token like any other credential.
