Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Playwright Scraper CN

v1.2.0

Playwright-based web scraping OpenClaw Skill with anti-bot protection. Successfully tested on complex sites like Discuss.com.hk.

MIT-0
Security Scan
VirusTotal
Suspicious
View report →
OpenClaw
Benign
medium confidence
Purpose & Capability
The name and description (Playwright stealth scraper) align with the included scripts, package.json, and README. The code implements simple and stealth Playwright scrapers, example usage, and optional login helpers, all coherent with the stated purpose. Minor mismatch: the SKILL metadata declares no required environment variables or credentials, yet the scripts expect Playwright to be installed (npm and npx commands in the docs) and read several environment variables at runtime (HEADLESS, WAIT_TIME, USER_AGENT, etc.).
Instruction Scope
SKILL.md instructs installing Playwright and running the included scripts; the runtime instructions and scripts stay within scraping behaviour (navigating pages, taking screenshots, saving HTML, printing JSON). The scripts intentionally inject anti-detection code (overriding navigator.webdriver, faking other navigator properties, manipulating Function.prototype.toString). That is expected for a 'stealth' scraper, but these are also general-purpose evasion techniques. The xianyu-login.js script automates a login flow, prompts for an SMS code, and prints page content, which can expose PII or credentials if used carelessly. No instructions send scraped data to remote endpoints; output goes to the console and local files.
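To make the evasion techniques named above concrete, here is an added example that is not code from the skill: a simplified reconstruction of a navigator.webdriver override combined with a Function.prototype.toString patch, paired with the checks a site-side bot detector runs to expose exactly this kind of tampering. FakeNavigator is a stand-in for the browser's Navigator so the file runs under plain Node.js; the skill's own patch is not reproduced and may differ in detail.

```javascript
"use strict";

// Stand-in for the browser's Navigator: as in Chromium, the webdriver
// getter lives on the prototype and returns true under automation.
class FakeNavigator {}
Object.defineProperty(FakeNavigator.prototype, "webdriver", {
  get() { return true; },
  configurable: true,
  enumerable: true,
});

// Stealth patch in the style the scan describes (simplified, assumed,
// not the skill's code): shadow webdriver on the instance and make the
// global Function.prototype.toString lie about the new getter. Returns a
// restore function so the global patch can be undone.
function applyStealth(nav) {
  const stealthGetter = function webdriver() { return undefined; };
  Object.defineProperty(nav, "webdriver", { get: stealthGetter, configurable: true });

  const nativeToString = Function.prototype.toString;
  Function.prototype.toString = function toString() {
    if (this === stealthGetter) return "function get webdriver() { [native code] }";
    return nativeToString.call(this);
  };
  return () => { Function.prototype.toString = nativeToString; };
}

// Detector-side checks of the kind anti-bot scripts run. Each pushes a
// short finding; an untampered page yields an empty list.
function detectTampering(nav) {
  const findings = [];
  const ts = Function.prototype.toString;

  // 1. A patched toString cannot hide itself: asked to stringify itself it
  //    returns JavaScript source instead of the exact native marker.
  if (ts.call(ts) !== "function toString() { [native code] }") {
    findings.push("Function.prototype.toString replaced");
  }

  // 2. A genuine webdriver property is inherited from Navigator.prototype;
  //    an own property on the instance means something redefined it.
  if (Object.prototype.hasOwnProperty.call(nav, "webdriver")) {
    findings.push("webdriver shadowed as own property");
  }

  // 3. A getter that claims to be native code yet yields undefined is
  //    inconsistent: the specified getter always returns a boolean.
  const desc = Object.getOwnPropertyDescriptor(nav, "webdriver")
    || Object.getOwnPropertyDescriptor(Object.getPrototypeOf(nav), "webdriver");
  if (desc && desc.get && nav.webdriver === undefined
      && ts.call(desc.get).includes("[native code]")) {
    findings.push("webdriver getter claims native code but returns undefined");
  }
  return findings;
}

// Run the detector before and after the stealth patch, restoring the
// global toString afterwards so nothing else in the process is affected.
function runScenario() {
  const nav = new FakeNavigator();
  const before = detectTampering(nav);
  const restore = applyStealth(nav);
  try {
    return { before, after: detectTampering(nav), webdriverAfter: nav.webdriver };
  } finally {
    restore();
  }
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(runScenario(), null, 2));
}
```

The point for a reviewer: the patch succeeds at its stated goal (navigator.webdriver reads as undefined afterwards) but leaves three independent inconsistencies, which is why sites with serious bot detection treat this category of stealth as a signal rather than an obstacle, and why the scan calls it out as an evasion capability rather than dismissing it as harmless.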
Install Mechanism
There is no automatic installer in the skill bundle; package.json and package-lock.json declare normal npm dependencies (playwright and @playwright/test). The package-lock entries resolve to public npm registries; one resolved URL points at a Tencent npm mirror, which is a package registry mirror rather than an arbitrary binary URL. No arbitrary downloads or extract-from-unknown-URL steps were found in the repository.
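To act on the lockfile observation above (and on the registry check recommended in the Assessment), here is an added example that is not part of the skill: a small audit that walks a package-lock.json and reports packages resolved from hosts outside an allow-list or shipped without an integrity hash. The lockfile embedded below is constructed for the example; the mirror hostname and the sha512 values are placeholders, not copied from the skill's lockfile.

```javascript
"use strict";

// Registries you accept; anything else is reported for review.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

// Constructed lockfile (lockfileVersion 3 layout) standing in for the
// skill's real package-lock.json. Hostnames and hashes are placeholders.
const SAMPLE_LOCK = {
  name: "playwright-scraper-cn",
  lockfileVersion: 3,
  packages: {
    "": { name: "playwright-scraper-cn", dependencies: { playwright: "^1.40.0" } },
    "node_modules/playwright": {
      version: "1.40.0",
      resolved: "https://registry.npmjs.org/playwright/-/playwright-1.40.0.tgz",
      integrity: "sha512-PLACEHOLDER1",
    },
    "node_modules/playwright-core": {
      version: "1.40.0",
      resolved: "https://mirrors.cloud.tencent.com/npm/playwright-core/-/playwright-core-1.40.0.tgz",
      integrity: "sha512-PLACEHOLDER2",
    },
    "node_modules/fsevents": {
      version: "2.3.2",
      resolved: "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
      optional: true,
      // integrity deliberately absent to exercise that check
    },
  },
};

// Audit a parsed lockfile (v2/v3 "packages" map). Returns one finding per
// problem: a tarball resolved from a host outside the allow-list, an
// unparseable URL, or an entry with no integrity hash for npm to verify.
function auditLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  if (!lock.packages) throw new Error("expected lockfileVersion 2 or 3 (packages map)");
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    // Skip the root project, workspace links and bundled deps: none has a tarball URL.
    if (path === "" || meta.link || meta.inBundle) continue;
    if (!meta.resolved) { findings.push({ path, issue: "no resolved URL" }); continue; }
    let host;
    try { host = new URL(meta.resolved).host; }
    catch { findings.push({ path, issue: "unparseable resolved URL", value: meta.resolved }); continue; }
    if (!allowedHosts.has(host)) findings.push({ path, issue: "off-registry host", value: host });
    if (!meta.integrity) findings.push({ path, issue: "missing integrity" });
  }
  return findings;
}

// Convenience wrapper for a lockfile on disk.
function auditLockfilePath(file, allowedHosts = ALLOWED_HOSTS) {
  const fs = require("fs");
  return auditLockfile(JSON.parse(fs.readFileSync(file, "utf8")), allowedHosts);
}

if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2];
  const findings = file ? auditLockfilePath(file) : auditLockfile(SAMPLE_LOCK);
  for (const f of findings) {
    console.log(`${f.issue}: ${f.path}${f.value ? " (" + f.value + ")" : ""}`);
  }
  process.exitCode = findings.length ? 1 : 0;
}
```

Run it as `node audit-lock.js path/to/package-lock.json` before `npm install`. A mirror host is not malicious by itself, since the integrity hash is still checked against the downloaded tarball, but a mirror you did not configure is worth asking about, and if policy requires the official registry, delete the lockfile and reinstall with the registry setting pointed at https://registry.npmjs.org so the resolved URLs are regenerated.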
Credentials
The skill does not declare required secrets or credentials. Scripts accept benign environment variables (HEADLESS, WAIT_TIME, SCREENSHOT_PATH, SAVE_HTML, USER_AGENT) — proportional to web-scraping functionality. Notable issue: scripts/xianyu-login.js contains a hardcoded phone number (15982192571), which is unnecessary for general scraping and may contain PII that should be removed or parameterized. The README mentions future integration with CAPTCHA-solving services (2captcha/Anti-Captcha) which would require API keys; these are not currently implemented but would increase secret requirements if added.
Persistence & Privilege
The skill does not request persistent presence (always: false). It does not modify other skills or system-wide configurations. It writes local files (screenshots, HTML) and prints to stdout, which is normal for a scraper. Autonomous invocation is allowed by platform default (disable-model-invocation: false); combined with the skill's capabilities this increases potential impact if the agent were allowed to run it without human oversight, but this is platform-standard behaviour and not unique to this skill.
Assessment
This package appears to be what it says: Playwright scripts for normal and stealth scraping. Before installing or running it, take these precautions:
- Inspect and remove or parameterize the hardcoded phone number in scripts/xianyu-login.js (it is PII and unnecessary for most uses).
- Review all scripts you plan to run (especially xianyu-*.js); they can automate logins and will print page contents and save screenshots/HTML locally.
- Run npm install and the Playwright browser installation in an isolated environment (container or VM). Playwright downloads browser binaries (substantial disk and network activity).
- If you use the stealth/anti-bot features, understand that they deliberately mask automation (navigator overrides, Function.prototype.toString tampering); use them only where legally and ethically appropriate and consistent with the site's terms of service.
- Check package-lock.json integrity and your npm registry settings (the lockfile references a registry mirror), and prefer official registries if you have policy concerns.
- Do not run the skill with elevated privileges or against sensitive accounts; if you need login automation, inject credentials at runtime and never store them in code.
- If the agent may invoke the skill autonomously, restrict or monitor that behaviour; scraping plus evasion can have legal and abuse consequences and increases the blast radius if misused.
If you want, I can point out the exact lines that set navigator overrides and the hardcoded phone number so you can edit them, or suggest a minimal sandboxed command to test the skill safely.

Like a lobster shell, security has layers — review code before you run it.

latest: vk976k9w6t1ynxb1ajmcn62scth83b46r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
