Habilidades browsing-with-playwright Historial de auditorías
🌐

Historial de auditorías

browsing-with-playwright - 5 auditorías

Versión de auditoría 5

Más reciente Riesgo bajo

Jan 16, 2026, 05:25 PM

Legitimate browser automation skill using official Playwright MCP protocol. All network traffic is localhost-only to the MCP server. Shell command patterns in static findings are false positives from markdown documentation formatting and legitimate local server lifecycle management. No data exfiltration or external network calls detected.

7
Archivos escaneados
1,865
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
scripts/mcp-client.py:204-212
StdioTransport uses shell=True
The StdioTransport class uses shell=True for subprocess spawning when connecting to MCP servers. While this is legitimate for local MCP server spawning, the pattern is noted for completeness.

Factores de riesgo

🌐 Acceso a red (1)
scripts/mcp-client.py:33-34
⚡ Contiene scripts (3)
scripts/start-server.sh:1-26 scripts/stop-server.sh:1-29 scripts/verify.py:1-21
⚙️ Comandos externos (1)
scripts/mcp-client.py:191-212

Versión de auditoría 4

Riesgo bajo

Jan 16, 2026, 05:25 PM

Legitimate browser automation skill using official Playwright MCP protocol. All network traffic is localhost-only to the MCP server. Shell command patterns in static findings are false positives from markdown documentation formatting and legitimate local server lifecycle management. No data exfiltration or external network calls detected.

7
Archivos escaneados
1,865
Líneas analizadas
4
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
scripts/mcp-client.py:204-212
StdioTransport uses shell=True
The StdioTransport class uses shell=True for subprocess spawning when connecting to MCP servers. While this is legitimate for local MCP server spawning, the pattern is noted for completeness.

Factores de riesgo

🌐 Acceso a red (1)
scripts/mcp-client.py:33-34
⚡ Contiene scripts (3)
scripts/start-server.sh:1-26 scripts/stop-server.sh:1-29 scripts/verify.py:1-21
⚙️ Comandos externos (1)
scripts/mcp-client.py:191-212

Versión de auditoría 3

Riesgo bajo

Jan 10, 2026, 10:29 AM

Legitimate browser automation skill using official Playwright MCP protocol. All network traffic is localhost-only to the MCP server. Scripts manage local process lifecycle. No data exfiltration or external network calls detected.

6
Archivos escaneados
1,537
Líneas analizadas
5
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
scripts/mcp-client.py:204-212
Shell command execution in stdio transport
The mcp-client.py StdioTransport class uses shell=True when spawning subprocess (line 204-212). While used for legitimate MCP server spawning, shell=True can be risky if command input is not properly validated. Code: `subprocess.Popen(self.command, shell=True, stdin=...`

Factores de riesgo

⚡ Contiene scripts (2)
scripts/start-server.sh:1-26 scripts/stop-server.sh:1-29
🌐 Acceso a red (1)
scripts/mcp-client.py:1-490
📁 Acceso al sistema de archivos (2)
scripts/start-server.sh:6-16 scripts/mcp-client.py:33-34
⚙️ Comandos externos (4)
scripts/verify.py:3-10 scripts/start-server.sh:15 scripts/stop-server.sh:28 scripts/mcp-client.py:204-212

Versión de auditoría 2

Riesgo bajo

Jan 10, 2026, 10:29 AM

Legitimate browser automation skill using official Playwright MCP protocol. All network traffic is localhost-only to the MCP server. Scripts manage local process lifecycle. No data exfiltration or external network calls detected.

6
Archivos escaneados
1,537
Líneas analizadas
5
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
scripts/mcp-client.py:204-212
Shell command execution in stdio transport
The mcp-client.py StdioTransport class uses shell=True when spawning subprocess (line 204-212). While used for legitimate MCP server spawning, shell=True can be risky if command input is not properly validated. Code: `subprocess.Popen(self.command, shell=True, stdin=...`

Factores de riesgo

⚡ Contiene scripts (2)
scripts/start-server.sh:1-26 scripts/stop-server.sh:1-29
🌐 Acceso a red (1)
scripts/mcp-client.py:1-490
📁 Acceso al sistema de archivos (2)
scripts/start-server.sh:6-16 scripts/mcp-client.py:33-34
⚙️ Comandos externos (4)
scripts/verify.py:3-10 scripts/start-server.sh:15 scripts/stop-server.sh:28 scripts/mcp-client.py:204-212

Versión de auditoría 1

Riesgo bajo

Jan 10, 2026, 10:29 AM

Legitimate browser automation skill using official Playwright MCP protocol. All network traffic is localhost-only to the MCP server. Scripts manage local process lifecycle. No data exfiltration or external network calls detected.

6
Archivos escaneados
1,537
Líneas analizadas
5
hallazgos
claude
Auditado por
Problemas de riesgo bajo (1)
scripts/mcp-client.py:204-212
Shell command execution in stdio transport
The mcp-client.py StdioTransport class uses shell=True when spawning subprocess (line 204-212). While used for legitimate MCP server spawning, shell=True can be risky if command input is not properly validated. Code: `subprocess.Popen(self.command, shell=True, stdin=...`

Factores de riesgo

⚡ Contiene scripts (2)
scripts/start-server.sh:1-26 scripts/stop-server.sh:1-29
🌐 Acceso a red (1)
scripts/mcp-client.py:1-490
📁 Acceso al sistema de archivos (2)
scripts/start-server.sh:6-16 scripts/mcp-client.py:33-34
⚙️ Comandos externos (4)
scripts/verify.py:3-10 scripts/start-server.sh:15 scripts/stop-server.sh:28 scripts/mcp-client.py:204-212
← Volver a Skill