ClawHub

Pascal Playwright Mcp

v1.0.0

Browser automation via Playwright MCP server. Navigate websites, click elements, fill forms, extract data, take screenshots, and perform full browser automat...

0· 642·3 current·3 all-time
by@ramspan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Playwright MCP browser automation) match the declared requirements (playwright-mcp, npx) and the SKILL.md content. The included examples and tools (navigate, click, evaluate, snapshot) are expected for Playwright MCP usage.
Instruction Scope
SKILL.md instructs running the Playwright MCP CLI via npx and describes using tools that run arbitrary page JavaScript (browser_evaluate). That's expected for browser automation, but browser_evaluate can be used to read page content or run scripts that exfiltrate data from pages or interact with authenticated sessions — so operators should limit which sites are allowed and where outputs are sent. The doc's security claims (restricted FS, host validation, sandboxing) are configuration-level and should be verified at runtime; the instructions themselves do not enforce them.
Install Mechanism
No embedded or remote binary downloads in the skill bundle; SKILL.md recommends installing @playwright/mcp from the public npm registry via npm or npx, which is a standard, traceable distribution method. The registry metadata contained no unexpected URLs or shorteners.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a local browser automation helper. No config paths or secrets are requested.
Persistence & Privilege
The skill does not request persistent/always-on inclusion and uses normal autonomous-invocation defaults. It does not attempt to modify other skills or system-wide configurations in the provided files.
Assessment
This skill appears to be what it claims — a Playwright MCP helper — but a few practical safety checks are recommended before you run it: 1) Install @playwright/mcp from the official npm registry and pin a specific version. 2) Run the MCP server in a restricted environment (container or sandboxed VM) if you will point it at untrusted sites. 3) Configure --allowed-hosts and --blocked-origins to prevent navigation to arbitrary domains, and avoid using --no-sandbox unless you understand the risks. 4) Be cautious with browser_evaluate (arbitrary JS): it can read page data and interact with authenticated sessions; do not evaluate untrusted scripts or send outputs to untrusted endpoints. 5) Verify the runtime configuration actually restricts filesystem access and service capabilities as the SKILL.md claims. If you need higher assurance, ask the publisher for the exact MCP server launch flags and the source/package checksum before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk975qjf75fmqrvej0nz6d3hxb181edd5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎭 Clawdis
OSLinux · macOS · Windows
Binsplaywright-mcp, npx

Comments