Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawbrowser

v0.1.1

Use when the agent needs to drive a browser through the Microsoft Playwright CLI (`playwright-cli`) for navigation, form interactions, screenshots, recordings, data extraction, session management, or debugging without loading a full MCP browser. It trains the agent on the CLI commands, snapshots, and session/config habits that make Playwright CLI reliable for scripted browsing.

⭐ 7· 4k·10 current·13 all-time

byte_za@tezatezaz

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description match the instructions: the SKILL.md exclusively documents using the Playwright CLI (playwright-cli) for navigation, interactions, screenshots, recording, sessions, and config. Nothing requested by the skill metadata (it requests no extra credentials, binaries, or config paths) contradicts that purpose.

ℹ

Instruction Scope

The instructions direct the agent to run arbitrary playwright-cli commands (open, snapshot, run-code, tracing, video, config, session management). That is within the declared purpose, but 'run-code' and examples that grant permissions (e.g., clipboard-read) and network/console inspection give the agent access to page content and potentially sensitive data. The SKILL.md also refers to an env var (PLAYWRIGHT_CLI_SESSION) used to default sessions; that env var is not declared in the skill metadata.

✓

Install Mechanism

This is an instruction-only skill with no install spec or bundled code files, which is low risk from install perspective. The SKILL.md suggests installing the CLI via 'npm install -g @playwright/cli@latest' — that is a normal installation step but it does imply modifying the host (global npm install) and downloading browser binaries via 'playwright-cli install' when needed.

Credentials

The skill metadata declares no required env vars, but the instructions reference PLAYWRIGHT_CLI_SESSION as an environment variable to set a default session. This mismatch should be noted. More generally, the skill does not request credentials, but the documented commands can persist sessions, cookies, and recordings to disk and can grant page permissions (clipboard access), which are high-privilege actions relative to a simple helper — they are proportional to a browser automation tool but warrant attention.

ℹ

Persistence & Privilege

always:false and default agent invocation behavior are appropriate. Sessions and artifacts are explicitly persistent (session profiles, outputDir, traces/video saved to disk), which is expected for this use case but means the agent will create and store state on the host. Consider that autonomous invocation plus the ability to run arbitrary CLI commands and injected page JS increases the practical blast radius if the agent is allowed to act without supervision.

Assessment

This skill is consistent with a Playwright-CLI helper, but review these points before installing: - The SKILL.md tells the agent to install and run 'playwright-cli' (global npm install) and to download browser binaries; prefer installing in a controlled environment (container or sandbox) rather than globally on an important host. - The instructions reference PLAYWRIGHT_CLI_SESSION (an env var) but the skill metadata doesn't declare it — if you rely on env-based defaults, be explicit about what you set and where sessions will be stored. - Commands like 'run-code', granting clipboard permissions, and network/console inspection let the agent access page content and the system clipboard. Only allow the agent to run this skill when you trust it or when you restrict its autonomy. - Persistent sessions, traces, screenshots, and video files may contain sensitive data (auth cookies, form contents). Clean up sessions/outputDir after use and avoid reusing sessions that hold credentials. - Because this is instruction-only (no bundled code), verify you will install Playwright from a trusted source (official npm package) and consider pinning a version rather than 'latest'. If you need higher assurance, run the CLI in an isolated environment (container/VM) and limit the agent's ability to invoke the skill autonomously.

Like a lobster shell, security has layers — review code before you run it.

latestvk977d2rps0mecn7327bdw08fwn80j7rq

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Clawbrowser

License

Comments