Back to skill

Security audit

Playwright MCP

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Playwright browser-automation helper, with expected but real risks from installing npm packages and automating live websites.

Install only if you trust the package source and are comfortable running npm/Playwright tooling locally. Use it on trusted sites, avoid entering secrets unless needed, review before submitting forms or uploading files, and handle screenshots, traces, and videos as potentially sensitive.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill invokes shell commands for installation and execution (`npm install`, `npx`, `playwright install`) but does not declare any permissions or trust boundaries for doing so. This creates a real security gap because installing and launching external packages can execute arbitrary code from the package supply chain and start a browser automation service with broad interaction capabilities.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill enables high-impact browser actions such as form submission, file upload, data extraction, screenshot capture, trace/video saving, and arbitrary page JavaScript evaluation, but its safety notes do not clearly warn users about privacy, credential, and real-world transaction risks. In this context, users could unintentionally submit sensitive data to real sites, capture secrets in traces/screenshots, or automate destructive actions without informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.