ClawHub

Playwright Scraper Skill

Security checks across malware telemetry and agentic risk

Overview

This is a functional web-scraping skill, but it needs Review because it actively promotes bypassing anti-bot protections without clear authorization safeguards.

Install only if you will use it for authorized scraping of sites you control or are explicitly permitted to automate. Avoid using stealth mode to bypass access controls, Cloudflare challenges, CAPTCHAs, rate limits, or login barriers without permission. Treat screenshots, saved HTML, JSON outputs, and any cookies or session data as sensitive; store them securely and delete them when no longer needed. Pin and update Playwright, and keep browser sandboxing enabled where your environment allows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documentation advertises use of environment variables such as SCREENSHOT_PATH, WAIT_TIME, HEADLESS, SAVE_HTML, and USER_AGENT, which indicates runtime access to environment-controlled behavior, yet no permissions are declared. In an agent ecosystem, undocumented capability requirements reduce transparency and can lead operators to approve or run a skill without understanding its execution surface or what data/behavior can be influenced externally.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README explicitly promotes stealth scraping and anti-bot evasion techniques such as hiding automation indicators and simulating human behavior, but it does not warn users about legal, privacy, or website policy implications. In the context of an agent skill, this lowers the barrier to misuse against protected sites and normalizes bypassing site defenses without any guardrails or acceptable-use guidance.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly promotes stealth scraping and anti-bot evasion techniques such as hiding automation fingerprints, using realistic user agents, and working around Cloudflare-style protections, but provides no warning about legal, contractual, privacy, or policy risks. In a scraping skill, this context increases concern because the documentation normalizes bypassing site defenses and may encourage misuse against protected targets.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly supports saving screenshots and full HTML from scraped pages, but the documentation does not warn that these artifacts may persist sensitive page contents, session state, personal data, or copyrighted material on disk. In a scraping context, this is more dangerous because targets may include authenticated, dynamic, or anti-bot-protected pages whose rendered output can contain non-public information.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly instructs users to save screenshots, HTML, and scrape output to local files, but it does not warn that those files may contain sensitive scraped content, session-related page state, or proprietary website data. In a scraping skill, this omission increases the chance of accidental local data retention, exposure through shared directories, or downstream mishandling of captured content.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation showcases scraping an anti-bot protected site and later recommends tactics such as delays, headful mode, and proxies to avoid blocking, without any warning about compliance with site terms, authorization, or legal/policy constraints. In the context of a scraping skill marketed for anti-bot protection, this materially increases misuse risk by normalizing evasion behavior rather than framing it as restricted or consent-based testing.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"author": "多米",
  "license": "MIT",
  "dependencies": {
    "playwright": "^1.40.0"
  }
}
Confidence
91% confidence
Finding
"playwright": "^1.40.0"

Known Vulnerable Dependency: playwright==1.40.0 — 1 advisory(ies): CVE-2025-59288 (Playwright downloads and installs browsers without verifying the authenticity of)

High
Category
Supply Chain
Confidence
98% confidence
Finding
playwright==1.40.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal