Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Playwright Skill
v0.1.0
Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check res...
by Vubangsi Mercel (@vmercel)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The SKILL.md expects a Node-based runtime (node -e, npm run setup, require('./lib/helpers'), and node run.js) and assumes Playwright/Chromium will be installed, but the skill metadata lists no required binaries and the bundle contains no code files (no lib/helpers, no run.js, no package.json). This is inconsistent: a Playwright automation skill would legitimately require Node/npm and included runner code or a clear install spec.
Instruction Scope
Instructions direct the agent to detect dev servers (via require('./lib/helpers').detectDevServers()), write and execute arbitrary test scripts in /tmp, and run node run.js in the skill directory. Those operations would execute code from the skill directory or the generated /tmp scripts and can interact with local services (port scanning/auto-detection) and remote sites (login flows). Because the referenced helper and runner files are not present, following the instructions as-is will either fail or — if different files with those names exist on disk — execute unexpected code.
Install Mechanism
There is no formal install spec or packaged code; SKILL.md tells the user to run `npm run setup` in the skill directory to install Playwright and Chromium. Without an included package.json or explicit install source, that command will fail or run whatever npm script exists in the discovered directory. Instruction-only design reduces transparency here and elevates risk if the user runs the suggested setup command in an untrusted location.
Credentials
The skill does not request any credentials or environment variables in its metadata. The guidance to parameterize URLs via env vars is reasonable for testing and does not by itself require sensitive secrets. There are no declared requests for unrelated credentials.
Persistence & Privilege
The skill does not request permanent inclusion (always: false), does not declare modifications to other skills or system-wide settings, and instructs only transient actions (writing to /tmp). No elevated persistence is requested.
What to consider before installing
This skill is internally inconsistent. Before installing or running anything:
1) Do not run `npm run setup` or any node commands suggested here until you inspect the skill directory.
2) Check the skill directory ($SKILL_DIR) for package.json, run.js, and lib/helpers.js; if they are missing, the instructions are unusable or deceptive.
3) If those files exist, open them and review their contents for network calls, telemetry, or arbitrary exec before running.
4) Be cautious about allowing any skill to auto-detect local dev servers or execute scripts that perform login flows — these actions can interact with sensitive local services.
5) Prefer running Playwright and your tests under your own control (your own package.json and scripts) rather than running npm scripts from an untrusted skill.
If the publisher can provide the missing runner and a clear, auditable install script (or package hosted on a trusted release host), re-evaluate then.
Like a lobster shell, security has layers — review code before you run it.
