qa-browser-tester Security Report — Low Risk | ClawSafe

20 /100

qa-browser-tester

Launch a real headless browser on the server and perform exhaustive end-to-end QA testing of a web application — clicking every button, filling every form, navigating every menu, and simulating a complete user journey.

A legitimate QA browser automation skill using Playwright; documented behavior aligns with actual implementation, but install commands and Python subprocess usage are under-documented in SKILL.md.

Skill Nameqa-browser-tester

Duration33.4s

Enginepi

✓

Safe to install

Add explicit declarations in SKILL.md for shell:WRITE (apt-get, pip install, bootstrap.pypa.io) and the subprocess memory check in docker-setup.md. Pin Playwright to a specific version. Otherwise safe for use.

Findings 3 items

Severity	Finding	Location
Low	Shell installation commands under-declared in SKILL.md Doc Mismatch Phase 1 uses apt-get, pip3 install, and downloads get-pip.py from bootstrap.pypa.io, but SKILL.md does not explicitly declare shell:WRITE or the remote bootstrap URL in the capability declarations. `apt-get update -qq && apt-get install -y python3-pip curl -qq` → Add a 'Required Permissions' section in SKILL.md explicitly declaring shell:WRITE for package installation and network:READ for bootstrap.pypa.io.	`SKILL.md:58`
Low	Playwright dependency not version-pinned Supply Chain pip3 install playwright has no version constraint, allowing any version to be installed including potentially compromised ones. `pip3 install playwright` → Pin Playwright to a specific version, e.g., pip3 install playwright==1.42.0, and verify the hash.	`SKILL.md:60`
Low	subprocess memory check undeclared in capability map Doc Mismatch references/docker-setup.md uses subprocess.run(['free', '-m']) for memory checks but this environment:READ behavior is not reflected in SKILL.md capability declarations. `subprocess.run(['free', '-m'], capture_output=True, text=True)` → Document that this skill reads system memory information for safety checks.	`references/docker-setup.md:44`

Resource	Declared	Inferred	Status	Evidence
Browser	`WRITE`	`WRITE`	✓ Aligned	references/test-phases.md:1 — p.chromium.launch() via Playwright
Filesystem	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:129 — mkdir -p /tmp/qa_screenshots; references/test-phases.md:13 — os.m…
Network	`READ`	`READ`	✓ Aligned	references/test-phases.md:40 — page.goto() fetching target URLs
Shell	`WRITE`	`WRITE`	✓ Aligned	SKILL.md:58-77 — apt-get/pip install; references/test-phases.md:1 — python3 << '…
Environment	`NONE`	`READ`	✓ Aligned	references/docker-setup.md — subprocess.run(['free', '-m']); SKILL.md Phase 0 re…
Skill Invoke	`NONE`	`NONE`	—	N/A
Clipboard	`NONE`	`NONE`	—	N/A
Database	`NONE`	`NONE`	—	N/A

2 findings

🔗

Medium External URL 外部 URL

https://bootstrap.pypa.io/get-pip.py

SKILL.md:72

🔗

Medium External URL 外部 URL

https://your-app-url-here.com

SKILL.md:128

File Tree

3 files · 25.6 KB · 701 lines

Markdown 3f · 701L

├─ ▾ 📁 references

│ ├─ 📝 docker-setup.md Markdown 91L · 2.8 KB

│ └─ 📝 test-phases.md Markdown 431L · 18.1 KB

└─ 📝 SKILL.md Markdown 179L · 4.7 KB

Dependencies 1 items

Package	Version	Source	Known Vulns	Notes
`playwright`	`*`	pip	No	Version not pinned — supply chain risk

Security Positives

✓ All core functionality (browser automation, form testing, navigation) is accurately documented in SKILL.md and references/

✓ No credential harvesting or exfiltration — test credentials are generated locally and never leave the session

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)

✓ No base64, eval, obfuscation, or anti-analysis techniques

✓ Chromium is launched with correct sandbox-disabling flags appropriate for container environments

✓ Screenshots and data remain in /tmp/qa_screenshots — no external data transfer

✓ No persistence mechanisms (no cron, no startup hooks, no service registration)

✓ No reverse shell, C2 communication, or remote code execution patterns

Scan Report

Findings 3 items

File Tree

Dependencies 1 items

Security Positives