Playwright Test Generator

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Playwright test generator whose browser navigation and file output fit its stated purpose, with caution needed around live URL analysis.

Install only if you want a tool that can generate local test files and, when asked to analyze a URL, open that page in a headless browser. Avoid pointing it at private intranet pages, admin consoles, authenticated sessions, localhost services, or cloud metadata/internal addresses unless you intentionally want those pages inspected and their DOM-derived locators included in generated output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises capabilities that imply file read, file write, and network access, but no permissions are explicitly declared. That creates a transparency and governance gap: users and the host system cannot accurately assess or constrain what the skill may do before activation, increasing the risk of unexpected data access, filesystem modification, or outbound requests.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The design explicitly supports navigating to arbitrary user-supplied URLs and extracting DOM content, but it does not describe any user-facing warning, trust boundary, or consent mechanism. In an agent/skill context, this can cause users to unknowingly trigger browsing to attacker-controlled or sensitive internal pages, leading to unintended data exposure, SSRF-like access through the host environment, or collection of page content that the user did not realize would be inspected.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation trigger phrases are broad enough to match routine user requests about test creation or Playwright in general, which can cause unintended invocation of a skill with code-generation, file, and network-adjacent behavior. Over-broad triggering increases the chance that the skill is activated in contexts where the user did not intend external analysis or code output, leading to unnecessary exposure of user data or unsafe actions.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The usage criteria include ambiguous conditions such as wanting to analyze a page/URL, needing test generation, or mentioning Playwright generation, without strict scoping or user-confirmation requirements. In a skill that may read inputs, write outputs, and access URLs, ambiguity raises the risk of accidental activation and processing of sensitive content beyond user expectation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The function automatically launches a browser and navigates to an arbitrary caller-supplied URL without validation, allowlisting, or any consent/disclosure boundary. In an agent skill context, this can be abused to trigger unintended outbound requests to attacker-controlled or internal endpoints, creating SSRF-like behavior, internal network probing, or silent access to sensitive web resources reachable from the runtime.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill advertises activation when a user merely mentions Playwright test generation, which is overly broad and can cause the agent to invoke this skill outside a clearly intended test-generation request. Over-broad routing increases the chance of prompt/skill hijacking, irrelevant execution, or accidental handling of untrusted URLs/HTML in contexts where the user did not explicitly request this capability.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The usage section lists broad and ambiguous activation conditions without clear boundaries, making it easier for the orchestrator to select this skill for loosely related prompts. In a skill that can process page URLs and HTML, misactivation is more dangerous because it may pull the conversation into analyzing untrusted content or generating code from attacker-supplied inputs without sufficient user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The analyzeUrl method launches Playwright and performs a live page.goto against any caller-supplied URL, which creates an SSRF-style primitive and can trigger requests to internal services, cloud metadata endpoints, or other sensitive network locations reachable from the runtime environment. In a code-generation skill, users may reasonably expect static transformation of input, so hidden network access increases risk and can expose the host environment to untrusted destinations.

VirusTotal

No VirusTotal findings
