Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Webapp Testing

v1.0.0

Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the provided artifacts: Playwright examples and a server helper. No unrelated environment variables, binaries, or install steps are requested. The helper script's ability to start dev servers is appropriate for a local webapp testing toolkit.
Instruction Scope
SKILL.md stays within testing/useful automation patterns (take screenshots, inspect DOM, wait for networkidle). However it explicitly recommends treating bundled scripts as black boxes and not reading source unless necessary — that guidance reduces opportunity for user audit. The runtime instructions and examples show the helper starting arbitrary shell commands and writing files under /mnt/user-data and /tmp; these behaviors are expected for the stated purpose but worth reviewing before execution.
Install Mechanism
No install spec — instruction-only with included example scripts. This minimizes install-time risks (nothing downloaded or extracted). The code is bundled in the skill, so nothing external is fetched at install-time.
Credentials
The skill requests no environment variables or credentials. Example scripts write outputs to /mnt/user-data and /tmp and use localhost ports; these are reasonable for local testing and consistent with the skill's purpose.
Persistence & Privilege
always is false and the skill does not request persistent privileges or modify other skills. Model invocation is enabled (default) which is normal; note that autonomous invocation combined with shell-capable helpers increases blast radius and should be considered by administrators.
Scan Findings in Context
[subprocess-shell-usage] expected: scripts/with_server.py uses subprocess.Popen with shell=True to support complex commands like 'cd ... && npm run dev'. This is expected for a helper that accepts arbitrary shell commands, but shell=True makes it dangerous to run with untrusted inputs or without reviewing the command being executed.
[arbitrary-process-execution] expected: with_server.py launches server processes and then runs a user-specified command; this matches the stated purpose (starting servers then running automation). Still, it executes arbitrary commands given to it, so commands should come from trusted sources.
[writes-to-shared-paths] expected: Examples write outputs to /mnt/user-data/outputs and /tmp which is expected for test artifacts. Confirm these paths are acceptable in your environment.
Assessment
This skill appears to be what it says: Playwright examples plus a helper to start dev servers. Before installing or running it:
1) Inspect scripts/with_server.py — it spawns user-supplied shell commands (subprocess with shell=True); do not supply untrusted commands.
2) Run the helper with --help and test in an isolated environment (container or VM) so a misbehaving dev server or script can't affect your host.
3) If you plan to allow autonomous agent use, restrict or review any commands the agent can pass to the helper (autonomous invocation + shell-capable helpers increases risk).
4) Check where outputs are written (/mnt/user-data, /tmp) and adjust paths or permissions if needed.
5) If you want stronger safety, run the scripts manually the first time and audit the code (contrary to the SKILL.md suggestion to avoid reading source).

Like a lobster shell, security has layers — review code before you run it.
