Pascal Playwright Mcp
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: pascal-playwright-mcp Version: 1.0.0 The skill bundle provides browser automation capabilities via Playwright MCP, a legitimate and widely used tool. The `SKILL.md` clearly outlines the skill's purpose, installation steps using `npm` and `npx` for the official `@playwright/mcp` package, and explicitly mentions security features like restricted file system access, host validation, and sandboxing. The `examples.py` script is purely illustrative, demonstrating conceptual MCP tool calls by printing them, without actually executing any commands or interacting with external systems. There is no evidence of prompt injection, data exfiltration, persistence mechanisms, or other malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could submit forms, interact with accounts, upload selected files, or extract page data while automating a browser.
The skill exposes broad browser-control tools, including clicking, typing, uploading files, and running JavaScript. This is purpose-aligned for Playwright automation, but it can affect real websites or accounts if used without user direction.
`browser_navigate`, `browser_click`, `browser_type`, `browser_evaluate`, `browser_choose_file`
Use this only for sites and actions you explicitly intend, and confirm before logins, purchases, submissions, uploads, or other account-changing actions.
Runtime behavior depends on the external @playwright/mcp package installed from npm.
The documented setup downloads or runs an external npm package without pinning a version. This is normal for an MCP wrapper, but the reviewed artifacts do not include the package code.
`npm install -g @playwright/mcp` / `npx @playwright/mcp`
Install from the official npm package, consider pinning a trusted version, and keep Playwright/MCP dependencies updated.
A user might assume navigation is already tightly restricted when they may still need to configure allowed hosts for their intended workflow.
The documentation mentions host-validation protections, but presents allowlisted hosts as an optional configuration rather than making the default scope explicit.
`--allowed-hosts example.com,api.example.com` and `Host validation prevents navigation to untrusted domains`
Verify the actual MCP server defaults and explicitly configure allowed or blocked hosts before giving the agent access to sensitive browsing tasks.