clawbrowser

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill includes explicit CLI examples that embed plaintext credentials (e.g., playwright-cli fill e2 "supersecret") and instructs using fill/click commands that would require the agent to output user secrets verbatim, creating a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). SKILL.md's "Core interaction loop" explicitly instructs the agent to run playwright-cli open and use snapshot to read the page DOM and element refs, so the agent will fetch and interpret arbitrary public web pages (untrusted third-party content) which can influence subsequent actions.