Playwright Mcp 1.0.0

Browser automation via Playwright MCP server. Navigate websites, click elements, fill forms, extract data, take screenshots, and perform full browser automat...

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 318 · 14 current installs · 15 all-time installs

by@itsjustFred

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description match the declared requirements: the skill needs playwright-mcp/npx and documents installing @playwright/mcp. No unrelated binaries, env vars, or credentials are requested.

ℹ

Instruction Scope

SKILL.md stays on-topic for browser automation, but includes powerful primitives (browser_evaluate to run arbitrary JS, browser_choose_file to upload files, navigation to arbitrary URLs). Those capabilities are expected for a browser automation skill but can be used to exfiltrate data or access internal endpoints if misused. The doc mentions allowed-hosts / blocked-origins and sandboxing but leaves defaults and enforcement unclear.

✓

Install Mechanism

No embedded install script is executed by the registry; installation is via npm/npx (@playwright/mcp) which is the expected mechanism for Playwright tools. No ad-hoc downloads or obscure URLs are used.

✓

Credentials

The skill requires no environment variables or credentials, which is proportionate to its stated functionality.

✓

Persistence & Privilege

always is false and model invocation is allowed (the platform default). The skill does not request persistent system-wide privileges or modify other skills' configurations.

Assessment

This skill appears to be what it claims: a Playwright MCP front-end. Before installing, consider these practical security steps: (1) Verify the npm package (@playwright/mcp) is the expected upstream and review its release page; (2) Restrict the MCP server with --allowed-hosts and avoid using --no-sandbox or --ignore-https-errors unless necessary; (3) Treat browser_evaluate and file-upload tools as sensitive: do not allow the agent to execute arbitrary JS on pages that handle secrets or to upload local files you don't trust; (4) Run the MCP server in an isolated environment (container/VM) if you will automate untrusted sites or internal networks; (5) Monitor network activity and outputs produced in --output-dir. These mitigations address the legitimate but powerful capabilities of browser automation; the skill itself is coherent with its description.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0

Download zip

latestvk97639qsab5kwxg5y49h1p0sb581n1js

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎭 Clawdis

OSLinux · macOS · Windows

Binsplaywright-mcp, npx

SKILL.md

Playwright MCP Skill

Browser automation powered by Playwright MCP server. Control Chrome, Firefox, or WebKit programmatically.

Installation

npm install -g @playwright/mcp
# Or
npx @playwright/mcp

Install browsers (first time):

npx playwright install chromium

Quick Start

Start MCP Server (STDIO mode)

npx @playwright/mcp

Start with Options

# Headless mode
npx @playwright/mcp --headless

# Specific browser
npx @playwright/mcp --browser firefox

# With viewport
npx @playwright/mcp --viewport-size 1280x720

# Ignore HTTPS errors
npx @playwright/mcp --ignore-https-errors

Common Use Cases

1. Navigate and Extract Data

# MCP tools available:
# - browser_navigate: Open URL
# - browser_click: Click element
# - browser_type: Type text
# - browser_select_option: Select dropdown
# - browser_get_text: Extract text content
# - browser_evaluate: Run JavaScript
# - browser_snapshot: Get page structure
# - browser_close: Close browser

2. Form Interaction

1. browser_navigate to form URL
2. browser_type into input fields
3. browser_click to submit
4. browser_get_text to verify result

3. Data Extraction

1. browser_navigate to page
2. browser_evaluate to run extraction script
3. Parse returned JSON data

MCP Tools Reference

Tool	Description
`browser_navigate`	Navigate to URL
`browser_click`	Click element by selector
`browser_type`	Type text into input
`browser_select_option`	Select dropdown option
`browser_get_text`	Get text content
`browser_evaluate`	Execute JavaScript
`browser_snapshot`	Get accessible page snapshot
`browser_close`	Close browser context
`browser_choose_file`	Upload file
`browser_press`	Press keyboard key

Configuration Options

# Security
--allowed-hosts example.com,api.example.com
--blocked-origins malicious.com
--ignore-https-errors

# Browser settings
--browser chromium|firefox|webkit
--headless
--viewport-size 1920x1080
--user-agent "Custom Agent"

# Timeouts
--timeout-action 10000      # Action timeout (ms)
--timeout-navigation 30000  # Navigation timeout (ms)

# Output
--output-dir ./playwright-output
--save-trace
--save-video 1280x720

Examples

Login to Website

browser_navigate: { url: "https://example.com/login" }
browser_type: { selector: "#username", text: "user" }
browser_type: { selector: "#password", text: "pass" }
browser_click: { selector: "#submit" }
browser_get_text: { selector: ".welcome-message" }

Extract Table Data

browser_navigate: { url: "https://example.com/data" }
browser_evaluate: { 
  script: "() => { return Array.from(document.querySelectorAll('table tr')).map(r => r.textContent); }" 
}

Screenshot

browser_navigate: { url: "https://example.com" }
browser_evaluate: { script: "() => { document.body.style.zoom = 1; return true; }" }
# Screenshot saved via --output-dir or returned in response

Security Notes

By default restricts file system access to workspace root
Host validation prevents navigation to untrusted domains
Sandboxing enabled by default (use --no-sandbox with caution)
Service workers blocked by default

Troubleshooting

# Update browsers
npx playwright install chromium

# Debug mode
npx @playwright/mcp --headless=false --output-mode=stdout

# Check installation
playwright-mcp --version

Comments

Loading comments…