playright-cli-zh

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Playwright browser-automation guide, but it needs review because it normalizes accessing and saving browser sessions, cookies, profiles, traces, and recordings without enough safety guardrails.

Install only if you are comfortable letting an agent drive browsers and inspect or persist browser state. Use dedicated test browsers and test accounts, avoid attaching to personal or work browser sessions, do not trace or record real payment/authentication/PII flows, and treat saved auth state, snapshots, traces, videos, and raw outputs as sensitive files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (9)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly documents commands to list, get, set, save, and clear cookies, localStorage, and sessionStorage, including state-save/state-load, but provides no warning that these stores may contain authentication tokens, session identifiers, or other sensitive user data. In an agent context, this materially increases the risk of privacy violations or credential/session exfiltration because the documented workflows normalize inspection and export of browser state without requiring user confirmation or data-minimization guidance.

Missing User Warnings

Medium
Confidence: 97%
Finding
The raw-output examples demonstrate extracting a session cookie into a shell variable and writing browser-derived data to files, which creates a direct recipe for secret capture and local persistence of sensitive data. Because '--raw' is presented as suitable for piping to other tools, the skill lowers friction for automated exfiltration or unintended disclosure of authenticated session material.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documents attaching to existing browsers via extension/CDP and using persistent profiles, which can expose a real user's authenticated browsing state, cookies, history, and stored credentials. Without clear warnings or restrictions, an agent could connect to a live browser or reuse a profile and access non-sandboxed personal or corporate data far beyond a test environment.

Missing User Warnings

Medium
Confidence: 92%
Finding
This documentation explicitly encourages execution of arbitrary Playwright code and includes examples that grant sensitive browser permissions, read clipboard contents, save authentication state, download files, and scrape page content, but it does not warn users about privacy, credential, or local file impact. In a browser automation skill, these capabilities are expected, but presenting them without guardrails increases the chance of unsafe use, data exposure, or unintended persistence of sensitive artifacts such as auth.json and downloaded files.

Missing User Warnings

Medium
Confidence: 88%
Finding
The authentication-state examples explicitly show saving and later restoring browser cookies and localStorage, which commonly contain live session tokens. Although the document includes general security notes later, the example itself normalizes credential persistence to disk without an immediate warning that the file must be treated like a secret and can enable account takeover if exposed.

Missing User Warnings

Medium
Confidence: 91%
Finding
The save-state examples instruct users to write full browser state to disk, and the documented format includes cookies and localStorage values that may contain session identifiers or other secrets. Without an inline warning at the point of use, users may unknowingly create sensitive artifacts that can be copied, committed, or reused to impersonate sessions.

Missing User Warnings

Medium
Confidence: 96%
Finding
The documentation explicitly states that traces capture DOM snapshots, screenshots, console logs, and full network requests and responses, but it does not warn that these artifacts can contain credentials, session tokens, personal data, or other secrets. In a browser automation skill, this is materially risky because users may enable tracing against real applications and then persist sensitive data to disk by default.

Missing User Warnings

High
Confidence: 99%
Finding
The example shows tracing enabled while entering payment-card-like data and submitting it, which encourages users to record highly sensitive financial information into trace files, screenshots, DOM snapshots, and network logs. Because the same document also explains that full requests/responses and screenshots are captured, this creates a clear risk of storing cardholder data in local artifacts and potentially violating compliance requirements.

Missing User Warnings

Medium
Confidence: 92%
Finding
The documentation encourages recording browser sessions for debugging, documentation, and proof of work, but it does not warn that videos can capture sensitive on-screen content such as credentials, PII, session information, internal dashboards, or other confidential data. Because it also suggests saving recordings to files and sharing them as verification artifacts, users may unintentionally retain or distribute sensitive material.

VirusTotal

65/65 vendors flagged this skill as clean.
