Manikantasai Playwright Automation
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is mostly a straightforward Playwright browser-automation skill, but it can act on logged-in websites, handle local files/session state, and has some package-metadata inconsistencies to verify.
Install only if you are comfortable letting the agent automate browser actions. Verify the Playwright package/source, be cautious with sudo, give explicit approval for account-changing actions, and protect or delete auth.json, screenshots, PDFs, videos, and downloaded files that may contain sensitive data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with broad instructions, the agent could click through confirmations or submit forms on real websites.
The skill documents browser actions that can submit forms and accept confirmation dialogs. This is expected for Playwright automation, but those actions can change account or website state.
await page.getByRole('button', { name: 'Sign in' }).click(); ... if (dialog.type() === 'confirm') dialog.accept();Use explicit user approval for logins, purchases, deletes, public posts, uploads, downloads, or any irreversible website action.
The agent may operate inside logged-in sessions if the user provides credentials or session state.
The skill documents use of passwords, cookies, localStorage tokens, and reusable auth state. This is normal for authenticated browser automation but involves sensitive session authority.
httpCredentials: { username: 'user', password: 'pass' }; ... localStorage.setItem('token', 'xyz'); ... context.storageState({ path: 'auth.json' })Provide only the minimum credentials needed, avoid hardcoding real secrets, and restrict authenticated automation to clearly specified sites and actions.
Installing global packages or running npx with sudo can affect the local system if the package source is compromised or mistyped.
The documented setup uses unpinned npm/npx commands and an optional elevated dependency install. These commands are standard for Playwright, but users should verify the package source and avoid unnecessary elevation.
npm install -g playwright; npx playwright install chromium; sudo npx playwright install-deps chromium
Install from the official Playwright package, prefer pinned versions where practical, and run sudo dependency installation only when necessary.
Users may have less confidence that the package identity and registry listing correspond to the same release.
The packaged _meta.json values differ from the supplied registry metadata for owner, slug, and version, creating a provenance/release-identity inconsistency.
"ownerId": "kn73rfyfbb2nt729a6f911fx2980czrm", "slug": "playwright-browser-automation", "version": "2.0.0"
Ask the publisher to align _meta.json with the registry metadata and verify the skill source before relying on it.
A saved auth state file could let later automations access the same logged-in session or expose session data if mishandled.
The skill documents saving and reusing browser storage state. This is useful and purpose-aligned, but the file can contain sensitive session material and can carry state into later tasks.
await context.storageState({ path: 'auth.json' }); // Later: await browser.newContext({ storageState: 'auth.json' });Store auth state files securely, avoid sharing them, and delete or rotate them after the automation task is complete.
Users may be confused about whether the skill is meant to use direct Playwright APIs or an MCP server.
The included example file describes MCP usage, while SKILL.md emphasizes direct Playwright API use without MCP complexity. This is a documentation mismatch, not evidence of unsafe execution.
Example script for using Playwright MCP server with OpenClaw.
Clarify the intended integration model and remove or update stale MCP examples.