Playwright Scraper Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a user-directed Playwright web scraper, but it is explicitly built to evade anti-bot protections and uses weakened Chromium security settings.

Review carefully before installing. Use it only for authorized scraping, avoid entering credentials in pages it opens, run it in an isolated environment, and be aware that stealth mode is designed to bypass website bot protections.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

Using this skill on protected sites could violate site rules, trigger IP/account blocks, or create legal/compliance risk.

Why it was flagged

The skill explicitly recommends stealth automation to bypass Cloudflare/anti-bot defenses, which can enable misuse against sites that are trying to block automated scraping.

Skill content

Cloudflare Protected | High | Playwright Stealth ... Hide automation markers (`navigator.webdriver = false`)

Recommendation

Use only on sites you own or have permission to scrape, and add explicit user approval and authorization checks before using stealth mode.

ASI02: Tool Misuse and Exploitation
Medium
What this means

A malicious or compromised website could pose more risk to the local machine than it would in a normally sandboxed browser.

Why it was flagged

The browser is launched with sandbox and site-isolation protections disabled while visiting user-supplied web pages.

Skill content

'--no-sandbox', '--disable-setuid-sandbox', '--disable-features=IsolateOrigins,site-per-process'

Recommendation

Run this skill in a disposable container or VM, and avoid disabling Chromium sandbox/site isolation unless strictly necessary.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installation depends on external package and browser downloads.

Why it was flagged

The setup downloads npm packages and a Chromium browser binary; this is normal for Playwright but is still external supply-chain material the user should trust before running.

Skill content

npm install
npx playwright install chromium

Recommendation

Install from trusted sources, keep the lockfile, review dependency updates, and run npm audit or equivalent checks.