ClawHub

Playwright MCP

v1.0.0

Browser automation via Playwright MCP server. Navigate websites, click elements, fill forms, extract data, take screenshots, and perform full browser automation workflows.

113· 33k·461 current·485 all-time
by@spiceman161
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Playwright MCP browser automation) match the declared requirements: the skill lists the playwright-mcp binary and npx and provides an npm install for @playwright/mcp. The tools described (navigate, click, evaluate, screenshot, upload) are expected for a browser-automation skill.
Instruction Scope
SKILL.md contains concrete instructions to start the MCP server and call browser tools. It does not instruct the agent to read unrelated system files or environment variables. However, browser automation inherently has access to web content and (via browser_choose_file and output options) may interact with local files and produce extracted data — this is expected but something users should consciously restrict (allowed-hosts, blocked-origins, filesystem root restriction).
Install Mechanism
Install uses npm (@playwright/mcp) which is a reasonable and common distribution method for Playwright tooling. This is a moderate supply-chain risk compared with no-install skills; review of the npm package and its maintainers is advisable because the skill metadata lacks a homepage and source repository.
Credentials
The skill requests no environment variables, no config paths, and only needs the Playwright MCP binary and npx. Those requirements are proportional to the described functionality.
Persistence & Privilege
always is false and the skill does not request system-wide configuration changes or permanent presence. It does not request elevated privileges in the metadata or via SKILL.md.
Assessment
This skill appears internally consistent for running Playwright MCP, but take these precautions before installing: 1) Verify the npm package: inspect its publisher, repository URL, and recent versions (npm view @playwright/mcp, review package contents or source repo). 2) Run the MCP server in a sandboxed environment (container, VM) and not as root. 3) Configure --allowed-hosts and --blocked-origins, and limit filesystem access (keep output-dir inside a controlled workspace). 4) Be aware that browser automation can access page data and local files (browser_choose_file and evaluate can be used to read and exfiltrate data); only allow trusted targets. 5) If you need high assurance, review the package source code or use an official Playwright distribution from a known repository. If you want, I can show commands to inspect the npm package metadata and contents before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk972pbg6hxpha4avba5qzdx78s80ra0z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎭 Clawdis
OSLinux · macOS · Windows
Binsplaywright-mcp, npx

Comments