Playwright MCP Skill

Security checks across malware telemetry and agentic risk

Overview

This skill openly configures Playwright-based browser automation, with optional persistent browser profiles that users should handle carefully.

Prefer the default isolated mode. Use the shared-profile commands only when you intentionally want the agent to reuse logged-in browser sessions, and avoid sharing that profile across accounts or trust boundaries. Be cautious with `uxc daemon stop` because it may stop unrelated active UXC sessions, and consider pinning the Playwright MCP package version for reproducibility.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill recommends `uxc daemon stop` as a fallback when a shared browser profile is busy, but does not clearly warn that stopping the daemon can interrupt unrelated active MCP sessions and in-flight automation. In a multi-session or shared environment, this can cause denial of service, loss of work, or disruption of authenticated browser workflows.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The documented shared-profile mode explicitly persists browser state in a fixed directory (`~/.uxc/playwright-profile`) to preserve logins across runs, but it does not warn users that authentication cookies, session tokens, and other sensitive browsing artifacts will remain on disk. In a daemon-friendly automation context, this increases the chance of unintended credential retention, cross-task account reuse, or local compromise by other processes or users with access to the profile directory.

Session Persistence

Medium
Category: Rogue Agent
Content:
- `@playwright/mcp` default flow is no OAuth/API key for local stdio use.
3. Use fixed link command by default:
   - `command -v playwright-mcp-cli`
   - If missing, create it:
     - `uxc link playwright-mcp-cli "npx -y @playwright/mcp@latest --headless --isolated"`
   - Optional shared-profile dual command setup for persistent sessions:
     - `command -v playwright-mcp-headless`
Confidence: 88%
Finding:
create it: - `uxc link playwright-mcp-cli "npx -y @playwright/mcp@latest --headless --isolated"` - Optional shared-profile dual command setup for persistent sessions: - `command -v playwr

VirusTotal

64/64 vendors flagged this skill as clean.
