102 Playwright Scraper Skill

Security checks across malware telemetry and agentic risk

Overview

This is an openly documented Playwright web-scraping skill with stealth (anti-bot evasion) features. It is not hidden malware, but it should be used only against sites the operator is authorized to scrape.

Install it only if you need a browser-driven scraper and will point it at sites you are authorized to access. Stealth scraping can violate a site's terms of service or applicable law, and screenshots or saved HTML may contain sensitive page content that stays on disk after the run. Its one declared dependency, playwright, is constrained only by the caret range ^1.40.0, so the version actually installed is whatever your lockfile resolves; check that resolved version against the advisory cited in the findings below.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (11)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 76%
Finding: The skill documentation describes use of environment variables such as SCREENSHOT_PATH, WAIT_TIME, HEADLESS, SAVE_HTML, and USER_AGENT, which indicates runtime capabilities tied to environment input, but the skill does not declare corresponding permissions or clearly scope those behaviors. In practice this creates a transparency and governance gap: operators may not realize the skill can influence file output behavior and execution characteristics via env configuration.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The README explicitly promotes anti-bot protection bypass techniques such as hiding automation signals and simulating human behavior, but provides no caution about legality, terms-of-service, privacy, or site-impact. In the context of an agent skill, this lowers friction for misuse and normalizes evasion-oriented scraping against protected targets.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The troubleshooting section advises users to switch to stealth mode and wait out Cloudflare challenges when blocked, which directly encourages bypassing defensive controls without any warning or authorization requirement. In an automation skill, such guidance materially increases the likelihood of misuse for unauthorized scraping of protected sites.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README explicitly promotes stealth scraping, anti-bot evasion, screenshot capture, and HTML saving, but does not warn users about legal, privacy, or data-handling risks. In a scraping skill, this omission matters because it normalizes bypassing site protections and local storage of potentially sensitive content without guardrails, increasing the chance of misuse or non-compliant use.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The documentation states that the stealth scraper can produce screenshots and save HTML, and shows SCREENSHOT_PATH and SAVE_HTML usage, but does not warn users that local disk artifacts may contain sensitive page content, account data, or copyrighted material. This is risky because users may enable these features without understanding that scraped session data can persist on disk and be exposed to other processes or later exfiltration.

Natural-Language Policy Violations

Severity: Medium
Confidence: 94%
Finding: This section directly promotes anti-bot evasion techniques such as hiding navigator.webdriver, using realistic user agents, and mimicking human behavior, without any policy, authorization, or compliance framing. In context, this materially increases abuse potential by guiding users toward bypassing site defenses, which can violate terms of service, trigger legal issues, or facilitate unauthorized scraping at scale.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The future roadmap proposes cookie-based login-state management and CAPTCHA-solving integrations without warning about credential handling, account takeover risk, privacy implications, or the legal/ethical issues of bypassing access controls. These capabilities would significantly expand the skill from public scraping into authenticated and potentially evasive access, increasing the likelihood of misuse and user harm.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The examples explicitly demonstrate stealth scraping of anti-bot protected sites, saving screenshots, and capturing full HTML without any caution about authorization, privacy, data retention, or legal/operational limits. In a scraping skill, this materially increases misuse risk because users are given turnkey patterns for collecting site content and artifacts from protected targets while bypassing defenses.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The troubleshooting and performance sections advise users on avoiding blocking, using headful/manual wait strategies, delaying requests to avoid IP blocking, and rotating proxies, but provide no caution about authorization or acceptable use. Because the skill is specifically a Playwright scraper with anti-bot positioning, this guidance can facilitate scraping against protected services in ways that bypass operator intent and increase legal, privacy, and abuse risk.

Unpinned Dependencies

Severity: Low
Category: Supply Chain
Content (package.json fragment as quoted by the scanner):
    "author": "多米",
    "license": "MIT",
    "dependencies": {
      "playwright": "^1.40.0"
    }
  }
Confidence: 84%
Finding: "playwright": "^1.40.0"

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory: CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

Severity: High
Category: Supply Chain
Confidence: 96%
Finding: playwright==1.40.0
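The two supply-chain findings above rest on the same package.json line: the first flags the caret range as unpinned, the second matches an advisory against the range's floor, 1.40.0. The Node.js script below is an added example written for this page; it is not the skill's code and not SkillSpector's scanner. It reproduces the unpinned-range check on the quoted fragment, then reads the version a package-lock.json would actually install, because ^1.40.0 admits any 1.x release at or above 1.40.0 and the advisory applies to whatever the lockfile resolves, not necessarily 1.40.0. The lockfile object, its resolved version 1.41.2 and the fixed-in versions passed to `lockSatisfiesFix` are constructed for the demonstration; the page does not state the version in which CVE-2025-59288 is fixed, so that value has to be taken from the advisory itself.

```javascript
// Added example for this page; not code from the skill or from SkillSpector.
// Part 1 reproduces the "Unpinned Dependencies" check on the package.json
// fragment quoted in the finding. Part 2 reads the version a lockfile would
// actually install, because a caret range such as "^1.40.0" accepts any 1.x
// release at or above 1.40.0, so "playwright==1.40.0" is only the floor.

// An exact specifier: MAJOR.MINOR.PATCH with an optional prerelease tag.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// Describe what a package.json version specifier admits.
function describeSpec(spec) {
  if (EXACT.test(spec)) return "exact version";
  if (spec.startsWith("^")) return "caret range: any compatible minor/patch release";
  if (spec.startsWith("~")) return "tilde range: any patch release";
  if (spec === "" || /[xX*]/.test(spec)) return "wildcard: any version";
  if (/^[<>=]/.test(spec)) return "comparator range";
  return "other specifier (tag, URL or git ref)";
}

// Classify every dependency in a parsed package.json object.
function classifyDependencies(pkg) {
  const result = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      result.push({ field, name, spec, pinned: EXACT.test(spec), reason: describeSpec(spec) });
    }
  }
  return result;
}

// Version recorded for `name` in a parsed package-lock.json: lockfileVersion 2
// and 3 keep it under packages["node_modules/<name>"], lockfileVersion 1 under
// dependencies[<name>]. Returns null if the package is not in the lockfile.
function resolvedVersion(lock, name) {
  const entry = (lock.packages && lock.packages[`node_modules/${name}`]) ||
                (lock.dependencies && lock.dependencies[name]);
  return entry && entry.version ? entry.version : null;
}

// Numeric MAJOR.MINOR.PATCH comparison; prerelease tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// True when the lockfile resolves `name` to a version at or above `fixedIn`.
// `fixedIn` must be taken from the advisory; this page does not give the fixed
// version for CVE-2025-59288, so the values used below are constructed.
function lockSatisfiesFix(lock, name, fixedIn) {
  const v = resolvedVersion(lock, name);
  return v !== null && compareVersions(v, fixedIn) >= 0;
}

// The package.json fragment quoted in the finding.
const SKILL_PACKAGE_JSON = { author: "多米", license: "MIT", dependencies: { playwright: "^1.40.0" } };

// Constructed lockfile in the lockfileVersion 3 layout; 1.41.2 is illustrative.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: { "node_modules/playwright": { version: "1.41.2" } } };

for (const d of classifyDependencies(SKILL_PACKAGE_JSON)) {
  console.log(`${d.name}@${d.spec}: ${d.pinned ? "pinned" : "UNPINNED"} (${d.reason})`);
}
console.log("lockfile resolves playwright to", resolvedVersion(SAMPLE_LOCK, "playwright"));
```

Run it against a real checkout by replacing the two constants with `JSON.parse(fs.readFileSync("package.json"))` and the same for `package-lock.json`; if the skill ships no lockfile at all, `resolvedVersion` returns null and the installed version is decided at `npm install` time, which is the practical consequence of the unpinned-dependency finding.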

VirusTotal

65/65 vendors flagged this skill as clean.
