Skill v1.0.0

ClawScan security

Playwright Cli Skills · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 10:27 AM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's files and runtime instructions are consistent with a Playwright CLI automation/testing helper (including an Amazon scraping helper); it performs local browser automation and writes files to the user's home directory but does not request unrelated credentials or download remote code.
Guidance
This skill appears to do what it says: automate Playwright-driven browser interactions and includes an Amazon scraping helper. Before installing or running it, consider:
1) Playwright CLI and Node must already be installed on your machine.
2) The amazon-search scripts load a local storage-state/auth file (e.g., ~/amazon-auth.json or a project-specific path) and will use cookies/storage from it — those files can contain session tokens; only use auth state you trust and remove it after use.
3) The skill and its docs expose run-code and routing features that can execute arbitrary JS in pages and capture network/request bodies and cookies (use isolated browser sessions or a throwaway profile if you are concerned).
4) The included scripts run local shell commands and write CSV/traces to your home directory; review the JS and shell files before running them and run in a sandboxed account or VM if you need extra safety.
If you want, I can point out the exact lines that load auth files, execute shell commands, and write output so you can review them quickly.

Review Dimensions

Purpose & Capability
ok: Name/description (Playwright CLI automation & testing) match the provided SKILL.md, reference docs, and example scripts. The included amazon-search scripts use playwright-cli to open pages, load storage state, extract data, and write CSV output — all expected for a browser automation scraping helper.
Instruction Scope
note: The SKILL.md and reference docs allow and document powerful operations: run-code (arbitrary JS in the page), loading/saving storage state, cookie/localStorage manipulation, recording traces (which include network bodies), and routing/removing headers (including cookie/authorization). Those are legitimate and expected capabilities for a Playwright/testing skill, but they also let the skill access and persist sensitive data (cookies, tokens, page content) and execute arbitrary page JS—so operators should understand those capabilities before use.
Install Mechanism
ok: No install spec is present (instruction-only). The skill does not pull code from remote URLs or install packages itself. Risk is limited to running local binaries (playwright-cli, node) which the user must already install.
Credentials
note: The skill declares no required env vars or credentials. Scripts use HOME and optional DEBUG env var to locate/read/write files (e.g., an auth state file and CSV output under the user's home). The Amazon scripts expect a saved auth state file; this is coherent but means the skill will access local storage-state files containing cookies/tokens if present.
Persistence & Privilege
ok: always is false and the skill does not request to modify other skills or system-wide agent settings. It runs commands that create files under the user's home (auth state, CSV output, traces) which is normal for automation scripts.