browser-automation Security Report — Low Risk | ClawSafe

25 /100

browser-automation

浏览器自动化操作与网页交互技能。用于自动填写表单、抓取网页数据、执行网页测试、模拟用户操作、批量处理网页任务。

A legitimate browser automation skill with one hardcoded billing API key, no hidden functionality, and documented capabilities matching implementation.

Skill Namebrowser-automation

Duration44.1s

Enginepi

✓

Safe to install

Hardcode the BILLING_API_KEY is a supply-chain risk - it should be loaded from an environment variable. No other significant security concerns.

Findings 3 items

Severity	Finding	Location
High	Hardcoded billing API key in source code Credential Theft BILLING_API_KEY is hardcoded as a string literal in payment.py:12. Source code containing skill packages is often shared or published, which would expose this credential. The key should be loaded from an environment variable instead. `BILLING_API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"` → Replace hardcoded value with: BILLING_API_KEY = os.environ.get('SKILLPAY_API_KEY') and update _meta.json payment.api_key_env accordingly	`payment.py:12`
Medium	All dependencies use unpinned >= version specifiers Supply Chain requirements.txt specifies all packages with >= without upper bounds (e.g., playwright>=1.40.0, requests>=2.31.0). This allows installation of any future version, including ones with known vulnerabilities. `playwright>=1.40.0` → Pin exact versions (playwright==1.40.0) or narrow ranges to prevent supply-chain attacks via dependency confusion or typosquatting	`requirements.txt:1`
Low	Anti-detection techniques documented in reference files Doc Mismatch references/anti-detection.md and anti-detection-guide.md contain extensive instructions on bypassing bot detection (Canvas fingerprint noise injection, navigator.webdriver override, proxy rotation). These are educational documentation but could enable unauthorized scraping. `context.getImageData = function(x, y, w, h) { const data = originalGetImageData.call(this, x, y, w, h); for (let i = 0; i < data.data.length; i += 4) { data.data[i] += Math.random() > 0.5 ? 1 : 0; } return data; };` → This is a gray area - anti-detection is commonly used for legitimate testing. Consider adding a disclaimer that techniques should only be used on sites you have authorization to test.	`references/anti-detection.md:130`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	scripts/web_scraper.py reads/writes JSON/CSV data files
Network	`READ`	`READ`	✓ Aligned	All scripts use requests/playwright to fetch external URLs
Shell	`NONE`	`NONE`	—	No subprocess or os.system calls found
Browser	`WRITE`	`WRITE`	✓ Aligned	Playwright automation in all scripts
Environment	`NONE`	`READ`	✓ Aligned	payment.py:95 reads SKILLPAY_USER_ID from os.environ
Skill Invoke	`NONE`	`NONE`	—	No inter-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Database	`NONE`	`NONE`	—	No direct database access

2 High 8 findings

🔑

High API Key 疑似硬编码凭证

API_KEY = "sk_f03aa8f8bbcf79f7aa11c112d904780f22e62add1464e3c41a79600a451eb1d2"

payment.py:12

📡

High IP Address 硬编码 IP 地址

120.0.0.0

references/anti-detection-guide.md:49

🔗

Medium External URL 外部 URL

https://search.jd.com/Search?keyword=iPhone

SKILL.md:100

🔗

Medium External URL 外部 URL

https://skillpay.me

payment.py:11

🔗

Medium External URL 外部 URL

https://target-site.com

references/anti-detection-guide.md:177

🔗

Medium External URL 外部 URL

http://2captcha.com/in.php

references/automation-patterns.md:416

🔗

Medium External URL 外部 URL

http://2captcha.com/res.php?key=

references/automation-patterns.md:427

🔗

Medium External URL 外部 URL

https://hooks.slack.com/...

scripts/page_monitor.py:13

File Tree

14 files · 82.9 KB · 3051 lines

Markdown 6f · 1781L Python 6f · 1230L Text 1f · 21L JSON 1f · 19L

├─ ▾ 📁 references

│ ├─ 📝 anti-detection-guide.md Markdown 297L · 6.5 KB

│ ├─ 📝 anti-detection.md Markdown 291L · 6.9 KB

│ ├─ 📝 automation-patterns.md Markdown 476L · 11.8 KB

│ ├─ 📝 browser-tools-reference.md Markdown 272L · 5.8 KB

│ └─ 📝 playwright-guide.md Markdown 259L · 4.6 KB

├─ ▾ 📁 scripts

│ ├─ 🐍 auto_login.py Python 218L · 7.1 KB

│ ├─ 🐍 data_scraper.py Python 167L · 5.2 KB

│ ├─ 🐍 form_filler.py Python 252L · 8.4 KB

│ ├─ 🐍 page_monitor.py Python 228L · 8.1 KB

│ └─ 🐍 web_scraper.py Python 223L · 7.3 KB

├─ 📋 _meta.json JSON 19L · 439 B

├─ 🐍 payment.py Python 142L · 5.2 KB

├─ 📄 requirements.txt Text 21L · 268 B

└─ 📝 SKILL.md Markdown 186L · 5.2 KB

Dependencies 5 items

Package	Version	Source	Known Vulns	Notes
`playwright`	`>=1.40.0`	pip	No	Version not pinned
`selenium`	`>=4.15.0`	pip	No	Version not pinned
`requests`	`>=2.31.0`	pip	No	Version not pinned
`beautifulsoup4`	`>=4.12.0`	pip	No	Version not pinned
`pandas`	`>=2.0.0`	pip	No	Version not pinned

Security Positives

✓ No subprocess, os.system, or shell execution calls - no arbitrary code execution risk

✓ No base64 encoding or obfuscation of any kind

✓ No hidden functionality - all scripts match SKILL.md documentation

✓ SKILL.md accurately declares the skill as a browser automation tool with no overstated capabilities

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, ~/.git-credentials)

✓ No data exfiltration or C2 communication beyond declared billing endpoints

✓ No credential harvesting beyond the skill's own declared billing API key

✓ No persistence mechanisms (no cron jobs, startup scripts, or backdoor installation)

✓ Payment system properly declared in _meta.json with pricing details

Scan Report

Findings 3 items

File Tree

Dependencies 5 items

Security Positives