ClawHub

Playwright Mcp 1.0.0

v1.0.0

Browser automation via Playwright MCP server. Navigate websites, click elements, fill forms, extract data, take screenshots, and perform full browser automat...

0· 515·19 current·20 all-time
by@itsjustfred
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: the skill needs playwright-mcp/npx and documents installing @playwright/mcp. No unrelated binaries, env vars, or credentials are requested.
Instruction Scope
SKILL.md stays on-topic for browser automation, but includes powerful primitives (browser_evaluate to run arbitrary JS, browser_choose_file to upload files, navigation to arbitrary URLs). Those capabilities are expected for a browser automation skill but can be used to exfiltrate data or access internal endpoints if misused. The doc mentions allowed-hosts / blocked-origins and sandboxing but leaves defaults and enforcement unclear.
Install Mechanism
No embedded install script is executed by the registry; installation is via npm/npx (@playwright/mcp) which is the expected mechanism for Playwright tools. No ad-hoc downloads or obscure URLs are used.
Credentials
The skill requires no environment variables or credentials, which is proportionate to its stated functionality.
Persistence & Privilege
always is false and model invocation is allowed (the platform default). The skill does not request persistent system-wide privileges or modify other skills' configurations.
Assessment
This skill appears to be what it claims: a Playwright MCP front-end. Before installing, consider these practical security steps: (1) Verify the npm package (@playwright/mcp) is the expected upstream and review its release page; (2) Restrict the MCP server with --allowed-hosts and avoid using --no-sandbox or --ignore-https-errors unless necessary; (3) Treat browser_evaluate and file-upload tools as sensitive: do not allow the agent to execute arbitrary JS on pages that handle secrets or to upload local files you don't trust; (4) Run the MCP server in an isolated environment (container/VM) if you will automate untrusted sites or internal networks; (5) Monitor network activity and outputs produced in --output-dir. These mitigations address the legitimate but powerful capabilities of browser automation; the skill itself is coherent with its description.

Like a lobster shell, security has layers — review code before you run it.

latestvk97639qsab5kwxg5y49h1p0sb581n1js

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎭 Clawdis
OSLinux · macOS · Windows
Binsplaywright-mcp, npx

Comments