Back to skill

Security audit

playwright-cli-cloakbrowser

Security checks across malware telemetry and agentic risk

Overview

This skill openly enables stealth, logged-in browser automation and block-evasion workflows that can access sensitive account data, so users should review it carefully before installing.

Install only if you intentionally need stealth CDP automation for accounts and sites you are authorized to access. Avoid using it to bypass site blocks or scrape protected services, and do not let the agent capture or return cookies, tokens, full authenticated responses, or unrelated account data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill explicitly teaches reverse-engineering authenticated site APIs, monkeypatching fetch, inspecting requests, and reading response bodies from a logged-in browser context. In this context, that materially expands the skill from browser automation into extraction of protected session-bound data and creates a direct path to exfiltrate sensitive account information through the agent's normal outputs.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill documents authenticated fetches and network capture from a logged-in browser session without any prominent warning that the resulting data may include private account content, tokens, or sensitive business information. Because the skill is specifically built around persistent logged-in stealth profiles, omission of consent and data-handling constraints makes accidental collection and disclosure much more likely.

Ssd 4

High
Confidence
97% confidence
Finding
This section assembles a workflow for using persistent stealth identities, reusing logged-in sessions, bypassing anti-automation friction, and then accessing authenticated site data via direct APIs and network inspection. In combination, the context makes the skill substantially more dangerous than ordinary browser automation because it is optimized for defeating site defenses and extracting protected data at scale.

Ssd 2

Medium
Confidence
90% confidence
Finding
The recommendation to retry hard blocks with a fresh exit IP so a rotating proxy may obtain a different address is explicit anti-block evasion guidance. Even without overt jailbreak language, it instructs users how to work around access controls and rate-limiting defenses, which increases misuse potential for scraping and unauthorized access.

Ssd 3

High
Confidence
96% confidence
Finding
The skill tells the agent to observe authenticated traffic and retrieve response bodies from a logged-in session, creating a straightforward natural-language exfiltration path for sensitive user or account data. Because the browser context is persistent and logged in, captured responses may include private records well beyond what a user intended the agent to access.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.