Oathe Security Badge

Is vmercel/playwright-skill safe?

https://clawhub.ai/vmercel/playwright-skill

72
CAUTION

The Playwright skill content appears legitimate and contains standard browser automation documentation. However, the installation process exhibited concerning behavior by accessing multiple sensitive credential files including SSH keys, AWS credentials, and environment variables.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 30/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 50/100 · 10%
Behavioral Reasoning 20/100 · 5%

Findings (5)

CRITICAL Sensitive credential files accessed during installation -70

The installation process accessed multiple sensitive files including .env, SSH private keys, AWS credentials, NPM registry credentials, Docker config, and Google Cloud credentials. While no exfiltration was detected, accessing these files during skill installation is highly suspicious.

HIGH Installation behavior inconsistent with skill purpose -80

While the skill content appears to be legitimate Playwright browser automation documentation, the installation process exhibited concerning behavior by accessing credential files. This pattern could indicate a supply chain attack or compromised installer.

MEDIUM Honeypot files accessed but not modified -50

Multiple canary/honeypot files designed to detect credential access were accessed during installation, though they were not modified and their contents were not exfiltrated.

LOW JavaScript code examples present -5

The skill contains JavaScript code examples for Playwright automation. While these are documentation examples and not executed during installation, they demonstrate the skill's intended functionality.

LOW Network connections during installation -10

The installation process made network connections to external services, which is expected behavior for downloading from the clawhub.ai registry.