Playwright Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent browser-automation documentation, but it gives broad local execution and live-site interaction authority with insufficient guardrails and references runtime code that is not included for review.

Review before installing. Use it mainly on local or staging sites, verify the missing runtime files before running setup or node commands, inspect generated /tmp scripts, avoid production credentials, and require explicit approval before submitting forms, logging into real accounts, or sending authentication headers.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The documentation encourages injecting headers from environment variables into every browser request, but does not warn that these values will be propagated to all destinations the automated browser contacts. In a browser automation skill, that can unintentionally disclose sensitive tokens or internal identifiers to third-party origins, redirects, CDNs, or untrusted test targets.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The skill description is very broad ('automate any browser task', 'use when user wants to test websites') and can cause the agent to invoke this skill for vague browsing-related requests that may not warrant active browser automation. In context, this increases the chance of unintended navigation, data submission, or interaction with external systems without sufficiently explicit user intent.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The documentation provides concrete examples for login and form submission workflows but does not warn that these actions can transmit credentials, send emails/messages, create records, or otherwise alter remote system state. In a browser automation skill, omission of this warning is dangerous because users or downstream agents may treat these examples as harmless validation steps when they can perform real side effects on live systems.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The custom header guidance encourages adding identifiers and authentication tokens globally to all requests, but it omits a warning that these headers may expose sensitive metadata or secrets to target servers and intermediaries. This is especially risky in a browser automation context because headers can be applied broadly across navigations and subrequests, potentially leaking tokens to unintended destinations.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal