Security Audit

playwright-scraper-skill

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

CAUTION

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

playwright-scraper-skill received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.

SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Arbitrary file write via SCREENSHOT_PATH environment variable, Chromium launched with disabled sandbox.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.

Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

93%

LLM Behavioral Safety

61%

Behavioral Risk Signals

Filesystem Write

2 findings

Shell Execution

1 finding

Excessive Permissions

3 findings

Security Findings5

Severity	Finding	Layer	Location
HIGH	Arbitrary file write via SCREENSHOT_PATH environment variable The `playwright-simple.js` and `playwright-stealth.js` scripts allow users to specify a `SCREENSHOT_PATH` via an environment variable. If an attacker can control this environment variable, they can cause the skill to write files (screenshots, and in `playwright-stealth.js`, also HTML content) to arbitrary locations on the filesystem. This could lead to overwriting critical system files, writing to sensitive directories, or exfiltrating data by writing it to a publicly accessible location. Implement path sanitization and validation for `SCREENSHOT_PATH`. Restrict file writes to a designated, isolated directory (e.g., a temporary directory within the skill's sandbox) and prevent absolute paths or directory traversal (`../`). If the skill is intended to save files to user-specified locations, ensure the user explicitly confirms the path or that the environment enforces strict sandboxing.	LLM	scripts/playwright-simple.js:10
HIGH	Arbitrary file write via SCREENSHOT_PATH environment variable The `playwright-simple.js` and `playwright-stealth.js` scripts allow users to specify a `SCREENSHOT_PATH` via an environment variable. If an attacker can control this environment variable, they can cause the skill to write files (screenshots, and in `playwright-stealth.js`, also HTML content) to arbitrary locations on the filesystem. This could lead to overwriting critical system files, writing to sensitive directories, or exfiltrating data by writing it to a publicly accessible location. Implement path sanitization and validation for `SCREENSHOT_PATH`. Restrict file writes to a designated, isolated directory (e.g., a temporary directory within the skill's sandbox) and prevent absolute paths or directory traversal (`../`). If the skill is intended to save files to user-specified locations, ensure the user explicitly confirms the path or that the environment enforces strict sandboxing.	LLM	scripts/playwright-stealth.js:19
MEDIUM	Unpinned npm dependency version Dependency 'playwright' is not pinned to an exact version ('^1.40.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk.	Dependencies	skills/waisimon/playwright-scraper-skill/package.json
MEDIUM	Chromium launched with disabled sandbox The `playwright-stealth.js` script launches Chromium with `--no-sandbox` and `--disable-setuid-sandbox` flags. While this might be necessary in some containerized environments or for specific anti-bot techniques, it significantly reduces the security posture of the browser process. If a vulnerability exists within the Chromium browser itself (e.g., a zero-day exploit), disabling the sandbox makes it easier for an attacker to escape the browser process and potentially gain access to the underlying system. Re-evaluate the necessity of disabling the sandbox. If absolutely required, ensure the skill runs in a highly isolated environment (e.g., a dedicated container with minimal privileges) to mitigate the increased risk. Document this security implication clearly for users.	LLM	scripts/playwright-stealth.js:30
LOW	Caret dependency for `playwright` in `package.json` The `package.json` specifies `playwright: "^1.40.0"`. This caret (`^`) allows `npm` to install any version from `1.40.0` up to, but not including, `2.0.0`. While `package-lock.json` pins the version to `1.58.2`, environments that do not respect `package-lock.json` (or if it's accidentally deleted/ignored) could install a newer, potentially vulnerable version of `playwright` if a supply chain attack were to compromise a future minor release. Pin the `playwright` dependency to an exact version (e.g., `"playwright": "1.58.2"`) in `package.json` to ensure consistent and predictable installations across all environments.	LLM	package.json:18

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/c5e2206457969931.svg)](https://skillshield.io/report/c5e2206457969931)