Security audit

Playwright Pro 2.1.1

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Playwright testing toolkit, but it needs Review because several templates and integrations can use real credentials, upload test details, or mutate live account/API data without enough guardrails.

Install only if you intend to let the agent add and run Playwright test infrastructure. Before using it, set a rule that generated tests must target staging or isolated test tenants, use disposable accounts and low-privilege secrets, keep storageState files out of git and artifacts, and preview any Slack/TestRail/BrowserStack upload before sending. Do not aim the API, payment, password, account-deletion, or lockout templates at production data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (18)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The example writes authenticated browser state to `.auth/user.json`, which can contain reusable session cookies or tokens. Without an explicit warning to treat that file as sensitive, avoid committing it, restrict permissions, and rotate credentials, users may persist privileged auth material on disk and accidentally leak it through source control, artifacts, or shared CI environments.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill directs the agent to create and modify repository files, including test configs, package scripts, .gitignore entries, and CI workflows, without requiring explicit user confirmation before making those changes. In an agentic environment, this can lead to unexpected persistence, workflow changes, and potentially costly or disruptive CI executions even if the content is not overtly malicious.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill is designed to post test summaries to Slack whenever a webhook environment variable is present, but it does not require explicit user confirmation or warn that failed test details may leave the local environment. Test results and error messages can contain sensitive information such as internal URLs, stack traces, credentials accidentally printed in logs, or proprietary test names, making silent exfiltration to an external service risky.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill tells the agent to apply all fixes with the Edit tool after a simple Yes/No prompt, but it does not clearly warn the user that their files will be modified or summarize the exact changes first. This can lead to unintended bulk edits, especially in a project-wide review flow, increasing the risk of destructive or overbroad modifications to test code.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill explicitly instructs pushing Playwright execution results, including failure messages, to an external TestRail instance without requiring a user-facing disclosure or confirmation at the time of transmission. Test outputs and error details can contain sensitive internal information such as URLs, stack traces, credentials in logs, or proprietary test names, so silent export increases data leakage risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The template includes a destructive delete mutation test against a live GraphQL endpoint using authenticated requests, but it provides no warning to use only disposable test data or non-production environments. In a testing toolkit, users may copy this verbatim into CI or shared environments, creating a realistic risk of unintended deletion of real records.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The template instructs users to supply a valid auth token and both HTTP and WebSocket endpoints, then demonstrates authenticated requests without any guidance on secret handling, least privilege, or environment safety. This increases the chance of users embedding real credentials in tests, targeting production services, or exposing sensitive data through logs and automation systems.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The template includes a destructive DELETE test that removes data from a real API endpoint but does not warn users to run only against isolated test environments or disposable fixtures. In a testing toolkit, this can easily lead to accidental deletion of production or shared staging data when users paste in real credentials and base URLs.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The template instructs users to supply a valid auth token and sends it in API requests without guidance on secure handling, storage, or scoping of credentials. In agent-generated code and templates, this increases the chance that powerful tokens are copied into files, prompts, logs, or test artifacts and then used against sensitive environments.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The template explicitly instructs use of valid credentials and includes a lockout-triggering test, but provides no safeguards about using dedicated test accounts, non-production environments, or the risk of disabling a real user account. In a production-grade testing toolkit, this could lead users to run the workflow against shared or production identities, causing account lockouts, service disruption, or unsafe handling of credentials.

Missing User Warnings

Severity: Low
Confidence: 80%
Finding
The social login test redirects users to a third-party identity provider without warning that test execution may disclose metadata, trigger external authentication events, or interact with live federated accounts. While common in browser testing, omitting privacy and environment guidance can cause accidental use of real identities or unintended external traffic.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The template instructs users to supply highly sensitive authentication material including MFA credentials, a TOTP seed, and backup codes, but provides no warning or handling guidance. In a testing toolkit context, this can lead users to place real secrets into source files, CI variables, logs, screenshots, or shared test fixtures, increasing the risk of account compromise and MFA bypass if those secrets are exposed.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This template performs a real password-reset and subsequent login flow using live-looking placeholders such as username, reset token, and new password, but it does not clearly warn that it mutates account state and must only be used against isolated test accounts in a non-production environment. In a Playwright automation toolkit, users may copy this directly into CI or shared environments, risking unintended password changes, account lockouts, test-data corruption, or accidental use against real user accounts.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The template explicitly encourages use of real account credentials, session cookie names, and persistent-auth flows without any warning to use test accounts, isolated environments, or dummy cookie values. In a Playwright testing skill, this can lead users to run the template against production or shared environments and mishandle authentication artifacts, increasing the risk of account misuse, session leakage, or unsafe test practices.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The template includes multiple tests that perform destructive actions such as clearing all notifications, but it provides no warning that running the generated tests will mutate account data and may erase user-visible state. In a production-grade Playwright toolkit, users may apply templates against shared staging or even production-like environments, so omission of safeguards increases the risk of unintended data loss and misleading test outcomes.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
This template performs real state-changing actions in the target application: it registers new accounts and includes a pattern for injecting an authenticated session cookie. In a production-grade testing skill, users may aim these tests at non-test environments, causing unintended account creation, polluted data, or unauthorized access if real session values are supplied, especially because the template does not prominently warn that it mutates application state.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding
The template includes a test flow that deletes the last item in a list and confirms the action, but it does not warn users that generated tests will perform destructive state changes. In a production-grade Playwright toolkit, users may run generated tests against shared, staging, or even misconfigured production environments, so an unguarded deletion example can cause unintended data loss or service disruption.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The template performs state-changing actions against a real authenticated account, including updating profile data and uploading an avatar file, but it does not warn users that executing these tests can modify persistent account data. In a production-grade testing skill, this omission is risky because users may run the template against production or shared environments and unintentionally alter accounts, trigger email verification flows, or upload unwanted files.

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.