Browser Playwright Bridge

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it gives Playwright scripts access to the user's logged-in browser session with limited warnings or safeguards.

Install only if you intend Playwright scripts to use your current OpenClaw browser login state. Review every script before running it, avoid sensitive or production accounts, prefer a dedicated browser profile or test account, and be cautious with cron because it can keep acting without fresh user confirmation.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Context-Inappropriate Capability

Medium (92% confidence)
Finding
The template performs shell-based process inspection and local network probing to discover any Chrome instance exposing a remote debugging port. In a reusable skill template, this expands capability beyond a narrowly scoped browser task and can attach to unintended local browser processes, which is risky because CDP access grants powerful control over the browser session.

Intent-Code Divergence

Medium (95% confidence)
Finding
The error guidance suggests safety depends on a lock workflow, but the code actually connects to any Chrome exposing a remote debugging port on localhost. If another browser instance is running with CDP enabled, the script may silently bind to that session and gain access to tabs, cookies, and authenticated state without user awareness.

Missing User Warnings

Medium (88% confidence)
Finding
The README explicitly promotes sharing the same Chrome instance, cookies, and login state between an agent browser tool and Playwright scripts, but it does not warn users that scripts executed in this context inherit authenticated session access. In an agent skill context, this increases the chance that automation can perform actions or access sensitive data under the user's logged-in accounts without informed consent or clear operational boundaries.

Missing User Warnings

Medium (95% confidence)
Finding
The skill explicitly encourages connecting Playwright to the existing Chrome profile and reusing the current browser context so cookies and authenticated sessions are inherited, but it does not present this as a prominent user-facing risk warning. That omission can cause users to run automation against live logged-in accounts without appreciating that scripts will have the same privileges as their active session, increasing the chance of unintended actions or data access.

Missing User Warnings

Medium (97% confidence)
Finding
The template explicitly reuses the existing browser context and its cookies/login state, which means any script built from it runs with the user's authenticated session. Without strong disclosure and consent, this creates a direct privacy and account-security risk because automation can read pages and perform actions as the user.

Missing User Warnings

Medium (90% confidence)
Finding
The template performs network navigation through the user's already-authenticated browser session, so requests to external sites may transmit identifying headers, session state, or trigger account-linked actions. In a generic template, doing this without an explicit warning makes misuse more likely and obscures the privacy implications for downstream users.

VirusTotal

66/66 vendors flagged this skill as clean.
