Playwright Mcp 1.0.0

Pass. Audited by ClawScan on May 10, 2026.

Overview

This is a coherent browser-automation skill, but it relies on an external npm MCP server and gives the agent broad website interaction abilities that users should supervise.

Install only if you want the agent to automate websites for you. Verify the npm package source, restrict browsing to trusted hosts when possible, and review any action involving logins, forms, uploads, purchases, account settings, or saved screenshots/traces.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could click buttons, submit forms, run page scripts, or upload selected files on websites during a browsing task.

Why it was flagged

The skill exposes broad browser-control tools, including page navigation, form entry, JavaScript execution, and file upload. These are expected for browser automation but can perform real actions on websites if used without care.

Skill content

`browser_navigate`, `browser_click`, `browser_type`, `browser_evaluate`, `browser_choose_file`

Recommendation

Use host allowlists where possible, supervise logins and transactions, and require confirmation before submitting forms, uploading files, or changing account data.

What this means

Installing or running the package will execute code distributed through npm, outside the provided skill files.

Why it was flagged

The skill depends on installing or running an external npm package, and the instructions do not pin a specific package version. This is normal for this kind of integration, but users are relying on the external package source.

Skill content

```
npm install -g @playwright/mcp
# Or
npx @playwright/mcp
```

Recommendation

Install from the official package source, consider pinning a known-good version, and keep the package updated through normal dependency-management practices.

What this means

A user might assume browsing and file access are fully contained even when running the server without explicit allowlist options.

Why it was flagged

The skill makes security-default claims about the external MCP server. They may be accurate, but the provided artifacts do not include the server implementation, so users should not rely on these statements as a substitute for explicit configuration.

Skill content

- By default restricts file system access to workspace root
- Host validation prevents navigation to untrusted domains
- Sandboxing enabled by default

Recommendation

Verify the MCP server's current security defaults and configure options such as `--allowed-hosts`, `--blocked-origins`, and output locations deliberately.