playwriter

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected

SUSPICIOUS — The component appears to be a legitimate browser automation tool in intent, but its execution model introduces significant supply-chain and data-exfiltration risks. Running `npx playwriter@latest` at runtime without pinned versions or integrity checks is a high-risk pattern. Combined with a Chrome extension that exposes full Playwright APIs and claims to 'bypass automation detection', this creates straightforward paths for credential/session harvesting and exfiltration. Recommend: do not use in sensitive environments until package versions are pinned and audited, the Chrome extension publisher/permissions are verified, runtime integrity checks are enforced, and strict egress/network controls and sandboxing are implemented. If immediate use is required, run in an isolated VM with no sensitive accounts and monitor network traffic.

LLM verification: The SKILL.md itself is not direct malware, but it recommends installing a third-party Chrome extension that would provide broad, powerful browser automation capabilities and accept arbitrary Playwright scripts. That combination creates a high-risk supply-chain and privilege escalation vector: sensitive browser data (cookies, form values, local storage, open tabs) and the ability to perform actions on behalf of the user could be exfiltrated or abused. The lack of extension source/manifest and the

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 16, 2026, 12:28 PM
Package URL: pkg:socket/skills-sh/ladderchaos%2Ftora-skills%2Fplaywriter%2F@5fb16f82e47e33d76bc578a7c44cec68e68c5f6c