Playwright MCP
Security checks across malware telemetry and agentic risk
Overview
This is a coherent browser-automation skill, but it gives the agent broad website-control abilities and depends on an external npm MCP server that users should trust and scope carefully.
Install only if you trust the @playwright/mcp package and want the agent to control a browser. Prefer limiting allowed hosts, avoid unsupervised use on logged-in or high-value sites, and review any action that submits forms, uploads files, purchases items, changes account settings, or runs page JavaScript.
VirusTotal
66/66 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could perform real browser actions on websites, including actions that change account or form state, when a user asks it to automate those pages.
These tools are expected for Playwright browser automation, but they can submit forms, interact with accounts, or upload files if used on sensitive sites.
`browser_click` | Click element by selector | ... `browser_type` | Type text into input | ... `browser_choose_file` | Upload file |
Use host allow-lists where possible, supervise actions on logged-in or sensitive sites, and require explicit review before form submission, purchases, uploads, or account changes.
JavaScript evaluation can inspect or modify the current page and may interact with sensitive page state if run on logged-in sites.
The skill exposes JavaScript execution inside the browser page context. This is purpose-aligned for automation and extraction, but it is a powerful escape-hatch capability.
`browser_evaluate` | Execute JavaScript |
Limit JavaScript evaluation to trusted pages and user-reviewed scripts, especially when authenticated sessions or sensitive data are present.
Installing or running the external package trusts the npm package contents and whatever version is resolved at install time.
The installation path relies on an external npm package and npx execution without a pinned version in the artifact instructions.
npm install -g @playwright/mcp
# Or
npx @playwright/mcp
Verify the package source, consider pinning a known-good version, and install from a trusted registry before granting the browser automation skill access to sensitive workflows.
