Skill Trust Decision

browser-automation

This browser automation skill hardcodes a billing API key and ships extensive anti-detection documentation, presenting moderate security concerns without confirmed malicious behavior.

Install decision first
Source: Manual upload · Scanned: Apr 3, 2026
Files: 14 · Artifacts: 8 · Violations: 0 · Findings: 4
Most direct threat evidence
High
Hardcoded billing API key exposed in source code

BILLING_API_KEY = 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded in payment.py:12 instead of using environment variables

payment.py:12

Why this conclusion was reached

2/4 dimensions flagged as Block, 1 marked Review
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Block
Hidden execution and egress

2 high-risk artifacts or egress signals were extracted.

Block
Attack chain and severe findings

The report includes 0 attack-chain steps and 1 severe finding.

Review
Dependencies and supply chain hygiene

1 dependency or supply-chain issue needs attention.

What drove the risk score up

Hardcoded API key exposure +20

BILLING_API_KEY exposed in payment.py:12 without environment variable usage

Anti-detection documentation +15

references/anti-detection-guide.md contains extensive bypass techniques

Undeclared network access +10

Billing HTTP requests to skillpay.me not declared in SKILL.md

Most important evidence

High

Hardcoded billing API key exposed in source code

BILLING_API_KEY = 'sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2' is hardcoded in payment.py:12 instead of using environment variables

payment.py:12
Use os.environ.get('SKILLPAY_API_KEY') instead of hardcoding the key, and treat the committed key as compromised and rotate it: removing it from the current revision does not remove it from history or from copies already distributed
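The finding at payment.py:12 and its remediation, as an added example that is neither the scanner's nor the skill's own code: an ast-based check that flags string literals in the key format assigned to secret-looking variable names, beside a fail-closed loader for the environment variable that replaces the literal. The sample sources, the key-format regex (taken from the shape of the exposed value), the variable names and the placeholder key are constructed assumptions; the placeholder is not a real credential.

```python
"""Added example (not the scanner's or the skill's own code): find string
secrets assigned to secret-looking names in Python source with the ast module,
and the fail-closed environment loader that replaces the hardcoded key."""
import ast
import os
import re
from typing import List, Mapping, Optional, Tuple

# Key format as it appears in the finding ("sk_" + 64 hex chars). That this is
# the billing vendor's fixed format is an assumption.
KEY_RE = re.compile(r"^sk_[0-9a-fA-F]{32,}$")
SECRET_NAME_RE = re.compile(r"key|secret|token|password", re.IGNORECASE)


def mask(value: str) -> str:
    """Keep the prefix and last four characters so a report stays attributable
    without reproducing the secret."""
    return value[:7] + "..." + value[-4:]


def find_hardcoded_secrets(source: str) -> List[Tuple[int, str, str]]:
    """Return (line, variable, masked value) for every assignment of a string
    literal in the key format to a secret-named variable."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue  # os.environ[...] / function calls are not literals
        for target in node.targets:
            if (isinstance(target, ast.Name) and SECRET_NAME_RE.search(target.id)
                    and KEY_RE.match(value.value)):
                hits.append((node.lineno, target.id, mask(value.value)))
    return hits


def load_billing_key(env: Optional[Mapping[str, str]] = None) -> str:
    """Fail closed: a missing or malformed key stops the billing client instead
    of letting os.environ.get() hand None to the HTTP layer."""
    env = os.environ if env is None else env
    key = env.get("SKILLPAY_API_KEY", "")
    if not KEY_RE.match(key):
        raise RuntimeError("SKILLPAY_API_KEY is missing or malformed; refusing to start")
    return key


# Constructed samples shaped like payment.py:12; the key is a placeholder.
SAMPLE_KEY = "sk_" + "0123456789abcdef" * 4
VULNERABLE_SOURCE = (
    "import requests\n"
    'SKILLPAY_URL = "https://skillpay.me"\n'
    f'BILLING_API_KEY = "{SAMPLE_KEY}"\n'
)
HARDENED_SOURCE = (
    "import os\n"
    'SKILLPAY_URL = "https://skillpay.me"\n'
    'BILLING_API_KEY = os.environ["SKILLPAY_API_KEY"]\n'
)

if __name__ == "__main__":
    for line, name, masked in find_hardcoded_secrets(VULNERABLE_SOURCE):
        print(f"payment.py:{line} {name} = {masked}  <- hardcoded secret")
    print("hardened hits:", find_hardcoded_secrets(HARDENED_SOURCE))
```

Two points the one-line remediation leaves out: `os.environ.get` returns None when the variable is unset, so a loader should refuse to start rather than send an empty Authorization header to skillpay.me; and a literal-string check like this one is cheap enough to run as a pre-commit hook, which is where it prevents the exposure instead of reporting it afterwards.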
Medium

Extensive anti-detection documentation

references/anti-detection-guide.md provides detailed instructions for bypassing bot detection, including proxy rotation, fingerprint browsers, and captcha solving services

references/anti-detection-guide.md:1
While browser automation often requires anti-detection measures, document the legitimate use cases and consider removing references to high-risk services
Medium

Undeclared network API calls for billing

payment.py makes HTTP requests to skillpay.me for balance checks and charging, but this is not declared in SKILL.md

payment.py:29
Declare network access for billing purposes in SKILL.md
Low

Automation detection bypass flags

auto_login.py and data_scraper.py use '--disable-blink-features=AutomationControlled' to hide webdriver flags

scripts/auto_login.py:24
This is common practice for legitimate web automation but could be used for unauthorized scraping

Declared capability vs actual capability

Dimension | Verdict | Declared | Inferred | Notes
Filesystem | Pass | NONE | WRITE | Scripts read/write data files (scraped_data.json, cookies) - legitimate for data scraping
Network | Pass | READ | READ+WRITE | payment.py makes POST requests to skillpay.me for billing - not declared in SKILL.md
Shell | Pass | NONE | NONE | No subprocess/shell execution found
Browser | Pass | WRITE | WRITE | Browser automation using Playwright - properly documented
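The undeclared billing egress finding and the Declared vs Inferred capability table above, as an added example that is not the scanner's own logic: infer each dimension from the Python sources with the ast module, collect the egress hosts from URL literals, and diff the result against the declared manifest, emitting a Block wherever a write-level capability is undeclared. The sample sources, the manifest format, the call-to-capability mapping and the Block/Review thresholds are assumptions; the page does not say how the scanner derives its columns.

```python
"""Added example (not the scanner's or the skill's own code): infer filesystem,
network, shell and browser capabilities from Python source and diff them
against a declared manifest, the check the capability table performs."""
import ast
import re
from typing import Dict, List, Set, Tuple

# The table's Declared column as a dict. In practice this would be parsed from
# SKILL.md; the manifest format is assumed, not taken from the page.
DECLARED = {"filesystem": "NONE", "network": "READ", "shell": "NONE", "browser": "WRITE"}

# Constructed sample sources shaped like the findings, not the skill's files.
SAMPLE_FILES = {
    "payment.py": (
        "import requests\n"
        'SKILLPAY_URL = "https://skillpay.me"\n'
        "def balance(key):\n"
        '    return requests.get(SKILLPAY_URL + "/balance", headers={"Authorization": key}).json()\n'
        "def charge(key, amount):\n"
        '    return requests.post(SKILLPAY_URL + "/charge", json={"amount": amount}, headers={"Authorization": key})\n'
    ),
    "scripts/data_scraper.py": (
        "import json\n"
        "from playwright.sync_api import sync_playwright\n"
        "def save(rows):\n"
        '    with open("scraped_data.json", "w") as fh:\n'
        "        json.dump(rows, fh)\n"
    ),
}

URL_RE = re.compile(r"https?://([^/\s\"']+)")
NETWORK_READ = {"requests.get", "requests.head"}
NETWORK_WRITE = {"requests.post", "requests.put", "requests.patch", "requests.delete"}


def dotted_name(node: ast.AST) -> str:
    """Return 'requests.post' for a call target like requests.post, '' otherwise."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def infer_capabilities(sources: Dict[str, str]) -> Tuple[Dict[str, Set[str]], Set[str]]:
    """Walk every source file once; return per-dimension capability sets and
    the set of hosts named in URL literals (the egress candidates)."""
    caps: Dict[str, Set[str]] = {d: set() for d in ("filesystem", "network", "shell", "browser")}
    hosts: Set[str] = set()
    for source in sources.values():
        for node in ast.walk(ast.parse(source)):
            if isinstance(node, ast.ImportFrom) and (node.module or "").startswith("playwright"):
                caps["browser"].add("WRITE")
            elif isinstance(node, ast.Import) and any(a.name.startswith("playwright") for a in node.names):
                caps["browser"].add("WRITE")
            elif isinstance(node, ast.Call):
                name = dotted_name(node.func)
                if name in NETWORK_READ:
                    caps["network"].add("READ")
                elif name in NETWORK_WRITE:
                    caps["network"].add("WRITE")
                elif name in ("os.system", "os.popen") or name.startswith("subprocess."):
                    caps["shell"].add("WRITE")
                elif name == "open":
                    mode = "r"  # open() defaults to read
                    if len(node.args) > 1 and isinstance(node.args[1], ast.Constant):
                        mode = str(node.args[1].value)
                    for kw in node.keywords:
                        if kw.arg == "mode" and isinstance(kw.value, ast.Constant):
                            mode = str(kw.value.value)
                    caps["filesystem"].add("WRITE" if any(c in mode for c in "wax+") else "READ")
            elif isinstance(node, ast.Constant) and isinstance(node.value, str):
                hosts.update(URL_RE.findall(node.value))
    return caps, hosts


def parse_declared(level: str) -> Set[str]:
    """'NONE' -> {}, 'READ' -> {READ}, 'READ+WRITE' -> {READ, WRITE}."""
    return set() if level == "NONE" else set(level.split("+"))


def compare(declared: Dict[str, str], caps: Dict[str, Set[str]]) -> List[Tuple[str, str, List[str]]]:
    """One (dimension, verdict, undeclared capabilities) tuple per mismatch.
    Threshold is an assumption: undeclared WRITE blocks, undeclared READ reviews."""
    findings = []
    for dim, inferred in caps.items():
        undeclared = inferred - parse_declared(declared.get(dim, "NONE"))
        if undeclared:
            findings.append((dim, "Block" if "WRITE" in undeclared else "Review", sorted(undeclared)))
    return findings


if __name__ == "__main__":
    caps, hosts = infer_capabilities(SAMPLE_FILES)
    for dim, verdict, undeclared in compare(DECLARED, caps):
        print(f"{dim}: {verdict} (undeclared {'+'.join(undeclared)})")
    print("egress hosts:", sorted(hosts))
```

Run against the table's own Declared column, the diff reports Filesystem (WRITE inferred, NONE declared) and Network (POST to skillpay.me inferred, READ declared), the same gap that drives the Block on "Hidden execution and egress" above but that the per-row Pass verdicts in the table do not surface. Declaring the billing egress in SKILL.md, as the Medium finding recommends, is what would make the Network row clean.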

Suspicious artifacts and egress

Severity | Type | Value | Location
High | API Key | API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" | payment.py:12
High | IP Address | 120.0.0.0 | references/anti-detection-guide.md:49
Medium | External URL | https://search.jd.com/Search?keyword=iPhone | SKILL.md:100
Medium | External URL | https://skillpay.me | payment.py:11
Medium | External URL | https://target-site.com | references/anti-detection-guide.md:177
Medium | External URL | http://2captcha.com/in.php | references/automation-patterns.md:416
Medium | External URL | http://2captcha.com/res.php?key= | references/automation-patterns.md:427
Medium | External URL | https://hooks.slack.com/... | scripts/page_monitor.py:13

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
playwright | >=1.40.0 | pip | No | Minimum version floor only; not pinned to an exact release
requests | >=2.31.0 | pip | No | Used for billing HTTP calls
beautifulsoup4 | >=4.12.0 | pip | No | Minimum version floor only; not pinned to an exact release

File composition

14 files · 3051 lines
Markdown: 6 files · 1781 lines
Python: 6 files · 1230 lines
Text: 1 file · 21 lines
JSON: 1 file · 19 lines
Files of concern · 6
references/automation-patterns.md Markdown · 476 lines
http://2captcha.com/in.php · http://2captcha.com/res.php?key=
scripts/page_monitor.py Python · 228 lines
https://hooks.slack.com/...
scripts/auto_login.py Python · 218 lines
Automation detection bypass flags
references/anti-detection-guide.md Markdown · 297 lines
Extensive anti-detection documentation · 120.0.0.0 · https://target-site.com
SKILL.md Markdown · 186 lines
https://search.jd.com/Search?keyword=iPhone
payment.py Python · 142 lines
Hardcoded billing API key exposed in source code · Undeclared network API calls for billing · API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2" · https://skillpay.me
Other files · form_filler.py · web_scraper.py · anti-detection.md · browser-tools-reference.md · data_scraper.py · playwright-guide.md

Security positives

Skill has clear, documented purpose (browser automation) aligned with implementation
No evidence of credential harvesting from target systems
No reverse shell, C2 communication, or data exfiltration detected
Web scraping capabilities appear consistent with declared purpose
Dependencies use reasonable versions (playwright>=1.40.0)