Playwright Browser Automation

Security checks across malware telemetry and agentic risk

Overview

The skill is legitimate browser automation, but it asks users to create persistent passwordless root permissions for Playwright install commands.

Use this only if you need direct Playwright automation. Avoid installing the suggested sudoers rule; run any required Playwright dependency installation manually, review it first, and remove any temporary elevation afterward. Treat screenshots, recordings, downloads, cookies, and storageState files as sensitive because they may contain account data or session tokens.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill documents sensitive capabilities such as data extraction, screenshots, video recording, file downloads, cookie injection, localStorage token handling, and auth-state persistence without any privacy, consent, retention, or safe-storage guidance. In an agent context, these features can capture credentials, personal data, or session artifacts and leave them on disk, making accidental exfiltration or local compromise more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
