Pascal Playwright Mcp
Pass
Audited by ClawScan on May 10, 2026.
Overview
This is a disclosed Playwright MCP browser-automation skill, but it gives the agent broad ability to navigate, click, type, upload files, and run page scripts, so users should scope it carefully.
Install only if you want the agent to automate a real browser. Prefer trusted sites, set host restrictions, avoid giving it sensitive sessions unless necessary, and review any action that submits forms, uploads files, changes account data, or saves traces/screenshots.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit forms, interact with accounts, upload selected files, or extract page data while automating a browser.
The skill exposes broad browser-control tools, including clicking, typing, uploading files, and running JavaScript. This is purpose-aligned for Playwright automation, but it can affect real websites or accounts if used without user direction.
`browser_navigate`, `browser_click`, `browser_type`, `browser_evaluate`, `browser_choose_file`
Use this only for sites and actions you explicitly intend, and confirm before logins, purchases, submissions, uploads, or other account-changing actions.
Runtime behavior depends on the external @playwright/mcp package installed from npm.
The documented setup downloads or runs an external npm package without pinning a version. This is normal for an MCP wrapper, but the reviewed artifacts do not include the package code.
`npm install -g @playwright/mcp` / `npx @playwright/mcp`
Install from the official npm package, consider pinning a trusted version, and keep Playwright/MCP dependencies updated.
A user might assume navigation is already tightly restricted when they may still need to configure allowed hosts for their intended workflow.
The documentation mentions host-validation protections, but presents allowlisted hosts as an optional configuration rather than making the default scope explicit.
`--allowed-hosts example.com,api.example.com` and `Host validation prevents navigation to untrusted domains`
Verify the actual MCP server defaults and explicitly configure allowed or blocked hosts before giving the agent access to sensitive browsing tasks.
