Playwright Cli

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Playwright browser-automation skill, but it can expose or persist sensitive browser data if used on real accounts or production sites.

Install only if you are comfortable giving the agent browser automation authority. Prefer isolated test profiles and test accounts, review any `run-code` snippet before execution, avoid tracing or recording sensitive login/payment/PII workflows, and protect or delete saved state, trace, screenshot, download, and video files because they may contain reusable cookies, tokens, credentials, personal data, or full network contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
This documentation explicitly promotes execution of arbitrary Playwright code via `run-code` and includes privileged browser actions such as permission grants, clipboard access, downloads, page content extraction, and login/session-state capture, but it does not present any warning about security boundaries, trusted-input requirements, or data-handling risks. In an agent skill context, this is dangerous because an LLM or user may be induced to run untrusted code that can exfiltrate page data, harvest credentials/session tokens, or persist sensitive artifacts locally.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The examples show saving downloaded files to disk and persisting authenticated browser state to `auth.json` without warning that these actions create local artifacts containing potentially sensitive data. In an agent setting, this can lead to credential/session leakage, unsafe storage of tokens or personal data, and unintended persistence beyond the current task.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation explicitly states that traces capture DOM snapshots, screenshots, network activity, and console logs, all of which commonly contain secrets, session tokens, personal data, and other sensitive application state. Presenting this capability without privacy, access-control, or retention warnings can lead users to collect and retain sensitive data unintentionally.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
This section says the network log includes full request and response headers and bodies, which can expose authorization headers, cookies, API keys, CSRF tokens, personal data, and business-sensitive payloads. In a browser automation skill, users are likely to run against authenticated applications, making accidental secret capture especially dangerous.

Missing User Warnings

Severity: High
Confidence: 100%
Finding
The example records payment card number, expiry date, and CVV during tracing, implicitly encouraging storage of highly sensitive financial data in trace artifacts. That creates obvious exposure risk and may also violate PCI-DSS or internal compliance requirements if users emulate the example in real environments.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation encourages recording browser sessions to disk but does not warn that videos can capture sensitive on-screen content such as credentials, personal data, session state, internal dashboards, or secrets displayed during testing. In this skill context, the risk is elevated because browser automation often interacts with real web apps and user data, so users may inadvertently create persistent artifacts containing sensitive information.

VirusTotal

65/65 vendors flagged this skill as clean.
