Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Internal Admin Playwright
v1.0.0Python + Playwright 内部后台自动化技能,支持 VPN(L2TP/IPsec) 可配置接入、严格域名白名单、中文指令路由(例如进入评论管理到视频评论、进入文章管理到文章列表)与固定流程执行。用于受控访问内网后台、禁止外网访问并按预设命令执行菜单操作。
⭐ 0· 17·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description align with the included scripts: Playwright automation, menu routing, whitelist, and VPN helpers. However registry metadata declared no required env vars while SKILL.md (and the code) expect STAFF_USERNAME/STAFF_PASSWORD, GOOGLE_OTP, AUTO_VPN, HEADLESS, etc. Also the repository includes a populated references/vpn_config.yaml (server/username/password/psk) which is unexpected to ship as plaintext in a skill package.
Instruction Scope
Runtime instructions (SKILL.md and scripts) instruct the agent to: potentially bring up an L2TP/IPsec VPN, modify system VPN files, change routing, and launch a browser context that will route requests via a proxy if HTTP_PROXY is set. The code also attempts to read a fallback rules.json from Path.home() (other skill data in the user's home), which is cross-skill file access not documented in SKILL.md. These behaviors go beyond simple page automation and require explicit user consent and environment isolation.
Install Mechanism
No install spec is included in the registry, but the README documents installing Python deps and Playwright browsers (requirements.txt references playwright==1.53.0). That's reasonable, but running Playwright also requires installing browser binaries (not automatic from the registry) and the README indicates such steps. No remote, untrusted downloads were found in the skill itself.
Credentials
The skill expects/reads sensitive credentials (staff account, OTP) via environment variables and also ships a references/vpn_config.yaml containing a server, username, password and PSK — sensitive secrets committed in the package. The registry metadata did not declare required envs, creating an inconsistency. The code honors HTTP_PROXY/HTTPS_PROXY and will route all Playwright traffic through an arbitrary proxy if set, which could be used to exfiltrate credentials unless the user controls that proxy.
Persistence & Privilege
The VPN helper writes system files under /etc (ipsec.conf, ipsec.secrets, xl2tpd and ppp options) and runs privileged network commands (ipsec up/down, ip route replace, starting xl2tpd, pkill, etc.). These actions require root and modify host network configuration — a high privilege and persistent effect on the machine. The skill is not marked always:true, but it nevertheless performs system-level changes when invoked.
What to consider before installing
This skill implements exactly the advertised automation but requires high privileges and contains surprising/unsafe defaults. Before installing or running it: 1) Do NOT run it on a production or sensitive host; run in an isolated VM/container with no access to your real credentials or network. 2) Remove or replace the committed references/vpn_config.yaml (it contains cleartext VPN credentials) and never keep production secrets in the repo — use a secret manager or pass them via environment only at runtime. 3) Expect to run parts of this as root (VPN setup) — review and approve every command that writes to /etc or changes routing. If you won't grant root, disable AUTO_VPN and avoid running vpn_l2tp.py. 4) Audit and optionally remove proxy usage (HTTP_PROXY/HTTPS_PROXY) so traffic cannot be routed through an attacker-controlled proxy. 5) Note the code reads a fallback rules file in the user's home (~/.openclaw/skills/...), which is cross-skill file access; ensure that file is safe or modify the code to avoid reading outside the skill directory. 6) Review code for bugs and edge cases (e.g., review_comments.py references processed_ids but it is not initialized — this will raise errors). 7) If you intend to use it, replace embedded secrets with templates, document required env vars in registry metadata, and run a manual review and least-privilege deployment (dedicated VM, network restrictions, no sensitive account reuse). If you cannot perform these steps, treat the skill as too risky to run.Like a lobster shell, security has layers — review code before you run it.
latestvk9731hksc4jvr2jzh2z28ssdcd8500yc
License
MIT-0
Free to use, modify, and redistribute. No attribution required.