playwright-controller
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: playwright-controller
Version: 1.0.0
The skill is classified as suspicious because of several critical vulnerabilities, not because of malicious intent. The `playwright-cmd.js` file uses an absolute path (`/Users/chenkuan/...`) for a required module, which is a severe path traversal/injection vulnerability and will break the skill in most environments. Additionally, the `playwright-crawler-v3.js` module explicitly forces the Playwright browser into 'headed' (visible) mode (`headless: false`), which is an information disclosure risk if the agent processes sensitive data in a visible environment. The skill also allows arbitrary file writes to a user-specified directory (`--dir`), which poses a risk of overwriting sensitive system files or achieving persistence if exploited. These flaws are vulnerabilities that could be leveraged for attacks, rather than direct evidence of malicious design.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the command may fail or may use a different local file than the one included in the skill, making the actual executed code hard to verify.
The runnable command wrapper loads its core functions from an absolute developer-local path outside the packaged skill, instead of the included playwright-crawler-v3.js. If that path exists, the command could execute code not represented by the reviewed package; otherwise it will likely fail.
const { fetchWithPlaywright, fetchElementAndScreenshot } = require('/Users/chenkuan/.openclaw/workspace/毕业论文/论文工程/playwright-crawler-v3.js');
Replace the absolute require with a relative import of the packaged file, include all helper files in the skill, and add a clear install/dependency specification for Playwright.
The skill can visit webpages and create local screenshot/text files in the chosen directory.
The skill accepts a URL and output directory, browses the page, then writes extracted content to disk. This is expected for its purpose, but it is still local file-writing and network-browsing authority.
result = await fetchWithPlaywright(options.url, { headless: true, timeout: options.timeout, screenshotDir: options.dir }); ... fs.writeFileSync(textPath, result.content);
Use it only with URLs you intend to fetch, and choose a safe output directory rather than protected or shared locations.
If you log into a site in the browser, the skill can capture screenshots and text from that authenticated session.
The documentation says the visible browser supports manual actions such as login. That is purpose-aligned browser automation, but it means the skill may be used on authenticated pages.
Headed mode (visible browser; supports manual actions such as login)
Avoid using it on sensitive accounts unless you are comfortable saving the resulting page content locally.
Private webpage content or misleading webpage text may remain on disk after the command finishes.
Extracted webpage text is written to a local file for later use. This is expected behavior, but stored retrieved content can include sensitive data or untrusted webpage text.
fs.writeFileSync(textPath, result.content);
Review and delete generated files when they contain sensitive data, and treat extracted webpage text as untrusted input.
