Webapp Testing

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Playwright web-app testing helper. It executes local commands and writes capture outputs, both of which are expected for its purpose, and users should handle both carefully.

Install only for trusted local web-app projects. Review every --server command before running it, avoid passing generated or untrusted strings into that option, and treat screenshots, DOM dumps, and console logs as sensitive files that may need redaction or deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
            print(f"Starting server {i+1}/{len(servers)}: {server['cmd']}")

            # Use shell=True to support commands with cd and &&
            process = subprocess.Popen(
                server['cmd'],
                shell=True,
                stdout=subprocess.PIPE,
Confidence
98% confidence
Finding
process = subprocess.Popen( server['cmd'], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs users to run Python helper scripts and shell commands, and mentions capabilities like server management and Playwright automation, but the metadata declares no permissions. That creates a transparency and policy gap: operators may invoke the skill without realizing it can execute shell commands and write files such as screenshots or automation scripts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages taking screenshots, dumping page content, and capturing browser logs from local web applications without warning that those artifacts may contain sensitive information such as tokens, session data, personal information, or proprietary UI state. In a local webapp-testing context this is especially relevant because developers often test against real or semi-real data and localhost admin interfaces.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
This example persists all browser console output to a file under /mnt/user-data/outputs without any filtering, redaction, or warning. Console logs can contain sensitive data such as tokens, internal error details, user identifiers, or application secrets emitted during testing, so writing them to durable storage increases the risk of unintended retention and later exposure.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This script is explicitly designed to execute user-supplied server commands, but it provides no prominent warning that the --server value is passed through a shell. In a webapp-testing skill, users may treat automation helpers as safe utilities, increasing the chance that unsafe or externally influenced input is passed through and leads to command execution.

VirusTotal

64/64 vendors flagged this skill as clean.
