ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Playwright Headless Browser (Chromium)

v1.0.0

Set up headless browser automation in Clawdbot using Playwright Chromium. Use when configuring browser tools for WSL/Linux environments, installing browser d...

1· 1.7k·8 current·9 all-time
by@maverick-software
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the provided scripts and instructions. The scripts install Playwright/Chromium, check for system libraries, and patch Clawdbot to point to the Playwright-managed Chromium executable — all expected for the described purpose.
Instruction Scope
SKILL.md and scripts instruct running npx to install Playwright, invoking package managers (sudo apt/dnf/pacman/apk) and patching Clawdbot config. These are within scope, but the configuration sets noSandbox: true (explicitly required for WSL/containers), which weakens Chromium sandboxing — a security tradeoff the user should be aware of before applying the patch.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but the scripts rely on npx (which will download Playwright artifacts from npm/microsoft-hosted locations) and native package managers. This is expected for Playwright; no obscure or third-party URLs or archive extracts are used. Users should be aware npx will fetch packages at runtime.
Credentials
No environment variables or credentials are requested. The scripts access expected local paths (e.g., ~/.cache/ms-playwright and ~/.clawdbot/clawdbot.json) and the clawdbot CLI if present. No unrelated secrets or external tokens are referenced.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will patch the Clawdbot configuration (either via clawdbot CLI or by instructing manual edits to the user's config file), which is appropriate for its purpose. It also requires sudo for package installs — a normal privilege for system-level package management.
Assessment
This skill appears to do exactly what it says: install Playwright-managed Chromium, ensure system libraries, and configure Clawdbot to use it. Before running: (1) ensure you have Node.js/npx installed and trust npm/Microsoft Playwright downloads; (2) review and back up your Clawdbot config (~/.clawdbot/clawdbot.json) because the script will patch it (it also sets noSandbox: true, which reduces Chromium sandbox protections — acceptable for WSL but a security tradeoff); (3) be prepared to run commands with sudo to install OS packages; (4) if you do not have the clawdbot CLI, follow the printed manual config steps rather than letting an automated CLI modify your config. If you want extra caution, run the setup in a disposable or test environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk978t5p0vds0x144wrsf35v4j18179ck

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments