Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Patchright Skill
v1.0.0 · Patchright-based browser automation with bot detection bypass. Use when Claude needs to interact with local web applications, test localhost/dev servers, tak...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description match the code: scripts launch a Chromium browser (via 'patchright'), navigate to URLs, click, type, take screenshots, and include Google-search utilities. Requiring no environment variables or external binaries is consistent for a purely local automation skill. However, the advertised 'bot detection bypass' (undetected Playwright fork) materially broadens the skill's capability beyond ordinary QA tooling and increases abuse potential.
Instruction Scope
SKILL.md instructs users to run a background server and then drive it with JSON 'call' commands. The server exposes an 'evaluate' tool that executes arbitrary JavaScript in the page context and returns results — this lets the agent read any DOM content on pages it can reach (including internal/private sites) and return it to the caller. The docs also explicitly encourage navigating to private IP ranges/localhost and typing credentials in tests. Those instructions are functionally correct for automation, but they give the agent broad discretion to collect sensitive data from internal services.
Install Mechanism
There is no automated remote install step in the registry entry; the package is instruction-only and ships local Python scripts. A requirements.txt lists 'patchright>=0.0.1' which is a pip dependency — no arbitrary URL downloads, installers, or archive extraction are present in the provided files. This lowers supply-chain concerns but you must still trust the 'patchright' package source before installing it.
Credentials
The skill requires no declared environment variables or external credentials, which aligns with its stated local automation purpose. However, the skill's workflows (filling forms, typing passwords, and evaluating page JS) can be used to capture user-entered secrets or internal tokens if misused. The skill does not itself request credentials, but it provides mechanisms to collect them from pages.
Persistence & Privilege
The skill instructs users to run scripts/server.py as a background server that keeps a persistent browser session (PID file, listening on 127.0.0.1:9222). While not 'always:true', this persistent local service gives an installed skill long-lived access to the host's network via the browser context. Combined with the 'evaluate' capability and support for private IP ranges, this persistence increases the blast radius if the agent or skill is misused.
What to consider before installing
This skill does what it says (local browser automation) but includes powerful features that can access internal sites and run arbitrary JavaScript in page contexts. Before installing:
1) Review and trust the 'patchright' package source (pip index / upstream project).
2) Audit the scripts (especially server.py and any use of evaluate) — if you don't need arbitrary JS execution, remove or restrict the 'evaluate' tool.
3) Run the skill in an isolated environment (VM/container) if you'll use it against sensitive hosts.
4) Never use it with real/production credentials or pages with sensitive data unless you understand and accept the risk.
5) If you plan to hand control to an autonomous agent, explicitly limit which hosts/origins the agent may visit and consider disabling persistent server mode unless strictly necessary.
latest · vk97b5qsafhh5j45vfjvmryk2q984akrf
