ClawHub

Playwright (Automation + MCP + Scraper)

v1.0.3

Browser automation via Playwright MCP. Navigate websites, click elements, fill forms, take screenshots, extract data, and debug real browser workflows. Use w...

91· 27.1k·348 current·367 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Playwright automation, MCP, scraping) matches the content: examples, MCP and playwright commands, testing and scraping guidance. Required binaries (node, npx) are appropriate and proportional.
Instruction Scope
SKILL.md includes commands and code to launch browsers, navigate pages, extract data, and run tests—exactly the stated scope. It also contains examples referencing environment variables (e.g. CI, BASE_URL) and an example auth file path (playwright/.auth/user.json); these are examples for users and not required by the skill, but they are places a user might accidentally persist credentials or session state if they follow examples without caution.
Install Mechanism
This is instruction-only with no install spec or bundled downloads; risk is low. The metadata suggests installing Playwright/@playwright/mcp via npm if needed, which is a standard, traceable package install path.
Credentials
The skill does not request any credentials or require env vars. It shows example env usage (CI, BASE_URL) and optional auth-file reuse patterns — these are reasonable for test suites but users should not supply high-privilege secrets or reuse privileged auth files unless they understand the implications.
Persistence & Privilege
always:false and no install-time persistence. The skill explicitly recommends keeping auth temporary and not creating persistent profiles by default. Autonomous invocation is allowed (platform default) but not unusual for an instruction skill.
Assessment
This skill is a coherent Playwright/MCP cookbook — it looks safe from a placement/permission perspective, but be mindful before running it: (1) run browser automation in an isolated environment (not on production accounts) to avoid leaking credentials or mutating real data; (2) do not persist or commit saved auth files unless you control and lock them down; (3) respect target sites' terms of service and robots.txt when scraping and throttle requests; (4) when using in CI, keep secrets out of logs/artifacts and review any npm installs (playwright and @playwright/mcp) before running. If you want me to check specific lines or adapt the examples to avoid persisting sessions or exposing secrets, tell me which environment you plan to run this in.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e84kymh7n3csx2n0t4jat3582qfr0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

P Clawdis
OSLinux · macOS · Windows
Binsnode, npx

Comments