Pascal Playwright Mcp
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit forms, interact with accounts, upload selected files, or extract page data while automating a browser.
The skill exposes broad browser-control tools, including clicking, typing, uploading files, and running JavaScript. This is purpose-aligned for Playwright automation, but it can affect real websites or accounts if used without user direction.
`browser_navigate`, `browser_click`, `browser_type`, `browser_evaluate`, `browser_choose_file`
Use this only for sites and actions you explicitly intend, and confirm before logins, purchases, submissions, uploads, or other account-changing actions.
Runtime behavior depends on the external @playwright/mcp package installed from npm.
The documented setup downloads or runs an external npm package without pinning a version. This is normal for an MCP wrapper, but the reviewed artifacts do not include the package code.
`npm install -g @playwright/mcp` / `npx @playwright/mcp`
Install from the official npm package, consider pinning a trusted version, and keep Playwright/MCP dependencies updated.
A user might assume navigation is already tightly restricted when they may still need to configure allowed hosts for their intended workflow.
The documentation mentions host-validation protections, but presents allowlisted hosts as an optional configuration rather than making the default scope explicit.
`--allowed-hosts example.com,api.example.com` and `Host validation prevents navigation to untrusted domains`
Verify the actual MCP server defaults and explicitly configure allowed or blocked hosts before giving the agent access to sensitive browsing tasks.