playwright

该 skill 的核心能力与“浏览器自动化”目的基本一致，未见明显凭证外传或已知窃取端点，因此不构成明确恶意。主要风险来自两点：一是远程更新流程会从第三方 GitHub 仓库直接覆盖本地 skill；二是其可对不受信网页执行高权限浏览器操作并读取会话/页面数据，存在供应链和间接提示注入风险。总体判定为 SUSPICIOUS 而非 MALICIOUS。

This file itself functions as a high-privilege command dispatcher that dynamically loads many browser automation tools and executes the chosen handler with unvalidated JSON parameters, then serializes and prints results/errors to stdout. There is no direct malicious behavior visible in this fragment (no eval/obfuscation/exfiltration), but the combination of (a) untrusted input flowing into powerful handlers and (b) potential sensitive output leakage makes the module a moderate security risk pending review of the referenced ./lib/* and ./tools/* implementations.

This snippet implements an automation capability that executes caller-supplied JavaScript using both browser-side `evaluate(...)` and Node-side dynamic function construction (`new Function('return ' + fn)()`). Because `params.function` is unvalidated and the result is returned to the caller, it functions as a high-risk arbitrary execution/data-disclosure primitive within the context of the targeted page. No clear malicious backdoor behavior is visible in the snippet alone; the primary risk is capability misuse rather than covert malware.

This module is a high-risk “code execution” primitive: it inlines caller-supplied JavaScript into a dynamically executed VM script and exposes a powerful tab/page object to that code, then reflects code and results back to the response. While the snippet itself contains no hardcoded malicious behavior, the security impact depends entirely on whether params.code is fully trusted and whether additional sandbox hardening/controls exist elsewhere. Treat as requiring strict trust boundaries and robust execution restrictions.