Playwright CLI Automation
ReviewAudited by ClawScan on May 10, 2026.
Overview
This is mostly a Playwright CLI guide, but it includes under-scoped login-session reuse and anti-crawler evasion guidance that users should review carefully.
Only install this if you need Playwright-style browser automation and are comfortable managing its local packages and browser dependencies. Do not let it use saved login state unless you explicitly approve the target site and account, protect or delete auth.json afterward, and avoid using the crawler guidance to bypass website anti-bot rules.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the tool may add global packages, browser binaries, or system dependencies to the machine.
The skill instructs users to install packages globally and install browser/system dependencies. This is expected for Playwright, but it changes the local environment and uses unpinned package sources.
npm install -g @playwright/test # 或者 pip install playwright ... playwright install-deps
Install from official Playwright documentation, prefer an isolated project or virtual environment, and verify package names and versions before running install commands.
The agent could be used in ways that violate website terms, trigger account or IP restrictions, or automate access where the user lacks permission.
The instruction explicitly recommends slowing automation to avoid anti-crawling defenses. That is not just normal browser automation guidance and could encourage bypassing site protections or policies.
执行长时间任务时添加`--slowmo=1000`参数减慢操作速度,避免被反爬
Use the skill only on sites you own or are authorized to test, respect robots.txt and terms of service, and do not use it to bypass anti-bot or access-control protections.
A saved auth.json file may contain cookies or tokens that let future automation access an account without re-entering credentials.
The skill recommends saving and reusing authenticated browser storage, but the metadata declares no credential handling and the instructions do not bound which accounts, sites, approvals, or protections apply.
保存登录状态使用`--save-storage=auth.json`,下次可以直接`--load-storage=auth.json`跳过登录
Require explicit user approval before using saved login state, scope it to a specific authorized site, store it securely, and delete it when no longer needed.
Sensitive session data could remain on disk and be reused accidentally, copied, or applied to the wrong task.
The saved storage file is persistent state that can be reused across later automation runs, but the skill does not provide retention, access-control, or cleanup guidance.
`--save-storage=auth.json` ... `--load-storage=auth.json`
Keep saved storage files out of shared folders and version control, name them per site/account, restrict file permissions, and remove them after the task.