Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Playwright Mcp Skill
v1.0.0Run browser automation through @playwright/mcp over UXC stdio MCP, with daemon-friendly session reuse and safe action guardrails. Use when tasks need determi...
⭐ 0· 441·5 current·5 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description, CLI examples, and uxc link guidance align with the stated goal of running @playwright/mcp via stdio. However the docs repeatedly reference a shared profile directory (~/.uxc/playwright-profile) and a daemon-exclusive env var (UXC_DAEMON_EXCLUSIVE) even though the skill metadata declares no config paths or env requirements — that's an unexplained config access pattern.
Instruction Scope
The SKILL.md instructs the agent to create fixed CLI links (uxc link), manipulate a local profile directory (~/.uxc/playwright-profile), stop the uxc daemon, and suggests setting UXC_DAEMON_EXCLUSIVE — these are side effects beyond simple stateless automation. The skill references an environment variable (UXC_DAEMON_EXCLUSIVE) and a filesystem path but the public requirements do not declare those, and the instructions grant the skill authority to read/write persistent profile state.
Install Mechanism
There is no install spec in the registry (instruction-only). Runtime execution relies on npx -y @playwright/mcp@latest which will fetch and run code from npm on first use. This is expected for a Node CLI integration but is a moderate operational risk (remote code execution on first run) and would be safer if a pinned version or explicit install step were recommended.
Credentials
The skill declares no required env vars but the docs reference UXC_DAEMON_EXCLUSIVE and instruct storing user-data under ~/.uxc/playwright-profile. Requesting or relying on a persistent user-data-dir can expose cookies/tokens and is not declared in metadata; absence of declared env/config requirements is an inconsistency.
Persistence & Privilege
always is false and model invocation is allowed (normal). The skill's recommended setup creates persistent CLI links (uxc link) and optional shared-profile storage, which gives it ongoing presence (stored profile data and created command wrappers). This is plausible for the use case but increases the blast radius compared to a purely ephemeral workflow.
What to consider before installing
This skill appears to do what it says (drive Playwright MCP over uxc/npx) but has some concerning gaps. Before installing or running it: 1) review and decide whether you trust on-demand npm execution (npx @playwright/mcp@latest); consider pinning a specific version instead of @latest; 2) be aware the skill suggests creating persistent CLI links and a profile directory (~/.uxc/playwright-profile) that will store session state (cookies/tokens) — only use shared-profile mode if you understand and accept persistent credentials; 3) note the docs reference UXC_DAEMON_EXCLUSIVE though no env vars are declared — verify what your environment will expose to the CLI and whether the skill will read/write that path; 4) run first-time usage in an isolated environment (container or VM) if you want to limit potential exposure from remote package fetches; and 5) if you lack trust in the @playwright/mcp source, inspect the package or vendor a vetted binary instead of relying on npx @latest.Like a lobster shell, security has layers — review code before you run it.
latestvk9724xddvtf617v69k4rhnqrg1826tvd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.