FastPlayWright Skill
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent browser automation guide, but users should notice it relies on an unpinned external MCP package and can automate account actions in the browser.
This skill appears appropriate for browser automation. Before installing, review the external MCP package, consider pinning its version instead of using @latest, and use explicit confirmations for sensitive web actions such as logins, submissions, purchases, account changes, or deletions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The actual MCP server code may change over time and is outside the reviewed skill artifact.
The skill instructs use of an external npm-hosted MCP server with the mutable @latest tag, while the registry provides no install spec for that dependency.
"command": "npx", "args": ["@tontoko/fast-playwright-mcp@latest"]
Pin a specific package version, review the package source/provenance, and prefer a declared install specification before relying on it for sensitive browsing.
A mistaken or ambiguous instruction could cause multiple browser actions, such as filling and submitting a form, before the user reviews each step.
The skill encourages chaining navigation, typing, clicking, and other browser operations into one request; that is central to its purpose but can magnify mistakes on sensitive sites.
For 2+ operations, ALWAYS use `browser_batch_execute` instead of individual tool calls.
Use it for explicit browser tasks and require confirmation before irreversible or sensitive actions such as purchases, account changes, posts, deletions, or form submissions.
If used with real credentials or logged-in sessions, browser actions may be performed as the user on third-party websites.
The documented examples include entering a password and logging in, showing that the skill may operate under a user's web identity when directed.
{ "tool": "browser_type", "arguments": { "selectors": [{ "css": "#password" }], "text": "password123" } }, { "tool": "browser_click", ... "text": "Login" }Only provide credentials for intended sites, avoid unnecessary use on sensitive accounts, and review/confirm actions that affect accounts or data.