Security Audit

playwright-testing

github.com/openclaw/skills

AI SkillCommit 13146e6a3d46

TRUSTED

Scanned about 1 month ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

playwright-testing received a trust score of 83/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Potential Command Injection via nodes.run tool, Broad browser tool access with potential for SSRF and Data Capture.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

100%

Dependency Graph

100%

LLM Behavioral Safety

78%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

1 finding

Dynamic Code

1 finding

Excessive Permissions

1 finding

Security Findings2

Severity	Finding	Layer	Location
HIGH	Potential Command Injection via nodes.run tool The skill explicitly demonstrates the use of the `nodes.run` tool to execute arbitrary Python scripts on a `MiniPC` node. If the `command` argument to `nodes.run` is constructed using untrusted user input, it could lead to arbitrary command execution on the remote system, bypassing security controls. When using `nodes.run`, ensure that the `command` array and its arguments are strictly controlled and never directly incorporate untrusted user input. Prefer using pre-defined, parameterized scripts or a more constrained execution environment instead of allowing arbitrary script execution.	LLM	SKILL.md:70
MEDIUM	Broad browser tool access with potential for SSRF and Data Capture The skill demonstrates using the `browser` tool for navigation and screenshots on a `MiniPC` node. If the `targetUrl` for `browser action=navigate` is user-controlled, it could lead to Server-Side Request Forgery (SSRF) if the `MiniPC` has access to internal networks. Additionally, `browser action=screenshot` could capture sensitive information from arbitrary web pages if the navigation is not carefully controlled, leading to data exfiltration. Implement strict validation and sanitization for any user-provided URLs passed to `browser action=navigate`. Restrict navigation to allowed domains or use a proxy that filters requests. Be cautious about what information is captured via screenshots, especially if the navigated content is user-influenced.	LLM	SKILL.md:67

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/8ba80b46b233183c.svg)](https://skillshield.io/report/8ba80b46b233183c)