Patchright Skill
Security checks across malware telemetry and agentic risk
Overview
This skill needs careful review because it provides stealth browser automation for CAPTCHA/Cloudflare bypass and runs a persistent local browser-control server.
Install only if you specifically need authorized browser automation for systems you control. Avoid using it with personal or production logged-in accounts, do not use it to bypass third-party anti-bot protections, pin dependencies, and stop the background server after each session.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could be used to automate sites in ways intended to evade anti-bot protections, including actions on real accounts or public services.
The skill explicitly advertises bypassing bot-protection systems, which is not necessary for ordinary localhost/dev-server QA and can enable misuse on third-party services.
Bot Detection Bypass: YES (Cloudflare, reCAPTCHA, etc.)
Use only on applications and environments you own or are authorized to test; remove or disable anti-bot bypass behavior for general browser automation.
A command sent to the server can read or manipulate the current page beyond normal click/type/screenshot operations.
The server exposes an evaluate tool that runs arbitrary caller-supplied JavaScript in the active browser page.
async def evaluate(self, script):
    ...
    result = await self.page.evaluate(script)

Disable the evaluate tool by default, or require explicit user approval and restrict it to trusted local test pages.
Another local process could potentially issue browser commands, take screenshots, read page text, or manipulate the persistent browser session.
The browser-control server listens on localhost and the shown request handler executes JSON commands without an authentication token or origin check.
self.server = await asyncio.start_server(self.handle_client, '127.0.0.1', PORT)
Use a random authenticated token, a permission-restricted Unix socket, or per-invocation execution instead of an unauthenticated fixed localhost port.
Browser sessions and logged-in state may remain available after the immediate task unless the server is explicitly stopped.
The skill instructs use of a long-running background server that keeps browser state alive across commands.
scripts/server.py runs background server -> session persists
Stop the server after use, avoid using sensitive logged-in accounts, and prefer a disposable browser profile or automatic timeout.
Users may believe the skill is limited to local testing when it also supports automating public web services.
The broader artifact set includes third-party Google search automation, while the main description emphasizes localhost/dev-server testing.
This skill can be used to automate Google searches and extract search results using the Patchright browser automation library.
Clearly disclose third-party web automation behavior and restrict default triggers to owned/local environments.
Installing later package versions could introduce behavior not represented by the reviewed artifacts.
The skill relies on an external package with only a lower-bound version, so future package changes could alter behavior.
patchright>=0.0.1
Pin and verify the Patchright version before installation, and install in an isolated environment.
