Playwright 1.0.3
v1.0.0Browser automation via Playwright MCP. Navigate websites, click elements, fill forms, take screenshots, extract data, and debug real browser workflows. Use w...
⭐ 0· 32·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (Playwright browser automation, MCP, scraping, screenshots, tests) match the declared runtime needs (node, npx) and the content of SKILL.md. The guidance and examples reference Playwright and @playwright/mcp packages which are directly relevant; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md contains explicit instructions and code examples for launching browsers, navigating arbitrary URLs, interacting with pages, and extracting data — exactly what a Playwright automation skill should do. This is expected, but it also means the agent can access arbitrary web content (including authenticated pages if credentials are provided) and can run npx commands. The doc discourages abusive techniques (fingerprint hacks, rotating proxies) and recommends temporary auth state, which is good. Users should be aware that using the skill to scrape or automate sites can surface sensitive data if the target site requires authentication or if the agent is asked to operate on internal/private URLs.
Install Mechanism
This is instruction-only with no install spec in the registry, so nothing will be force-installed by the registry. The SKILL.md metadata suggests installing 'playwright' and '@playwright/mcp' via npm, which is reasonable and expected for this functionality. Note: runtime use of npx will fetch and run packages from npm on-demand — standard for Node tooling but worth awareness.
Credentials
The skill declares no required environment variables or credentials. Some example configs reference common CI envs (e.g., BASE_URL) and optional auth files for test suites — these are reasonable examples and not required by the skill. There are no unrelated secret requirements.
Persistence & Privilege
always:false and instruction-only design means the skill does not request permanent presence or elevated system privileges. The SKILL.md explicitly recommends keeping auth state temporary and not persisting browser sessions by default. It does not instruct modifying other skills or system-wide settings.
Scan Findings in Context
[no_code_to_scan] expected: The static regex scanner found no code files to analyze because this is an instruction-only skill; that is expected for a documentation/guide-style skill. However, absence of findings is not a substitute for inspecting the instructions (which was done above).
Assessment
This skill appears to be what it says: a Playwright/MCP browser automation guide. Before installing/using it, consider: (1) npx will download and execute npm packages at runtime — verify package names/versions and run in an isolated environment if you have concerns; (2) browser automation can visit arbitrary URLs and access content behind auth — do not provide high-privilege credentials unless necessary, and prefer scoped/temporary test accounts; (3) scraping can raise legal/terms-of-service or privacy issues — follow the guidance in scraping.md (respect robots, throttle, prefer APIs); (4) if you want to prevent autonomous agent runs, manage the agent's invocation permissions in your environment (autonomous invocation is platform-default but you can restrict when/what the agent may execute). Overall the skill is coherent, but exercise the usual caution when giving any automation tool network access or credentials.Like a lobster shell, security has layers — review code before you run it.
1688vk979mqt66xqh9fpgmv5nkr3w9s844xcdecommercevk979mqt66xqh9fpgmv5nkr3w9s844xcdlatestvk979mqt66xqh9fpgmv5nkr3w9s844xcd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
P Clawdis
OSLinux · macOS · Windows
Binsnode, npx