Clawbrowser
Pass
Audited by ClawScan on May 1, 2026.
Overview
Clawbrowser is a coherent instruction-only Playwright browser automation skill, but users should be aware it can control logged-in browser sessions, run page scripts, and save browser evidence to disk.
This skill appears purpose-aligned and transparent. Before installing or using it, decide which sites and sessions the agent may control, prefer isolated sessions for sensitive work, confirm any action that changes an account or submits data, and clean up saved recordings or session state when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could click buttons, fill forms, or upload files in a browser session the user has opened or authenticated.
The skill teaches the agent to perform broad browser actions, including form entry and uploads. This fits the browser-control purpose, but these actions can affect real web accounts or submit data if used on sensitive sites.
Use refs for actions: - `click`, `dblclick`, `hover`, `drag`, `check`, `uncheck`, `select`, `fill`, `type`, `upload`, `eval`
Use the skill for clearly scoped browsing tasks, and give explicit approval before actions that submit, upload, purchase, publish, or change account data.
If used on sensitive pages, injected page scripts or granted browser permissions could expose or alter page data beyond normal browsing actions.
The skill documents Playwright code-injection/debugging features and a clipboard permission example. This is consistent with Playwright troubleshooting, but it is more powerful than simple navigation or clicking.
playwright-cli run-code "async page => await page.context().grantPermissions(['clipboard-read'])"
Reserve eval/run-code and permission-granting commands for trusted pages and debugging tasks where the user understands the effect.
A persistent session may let the agent continue acting as the logged-in user across later commands.
The skill explicitly supports persistent browser sessions that can retain logged-in state. This is expected for browser automation, and the skill also documents isolated mode and cleanup commands.
Sessions behave like persistent profiles: they remember auth state, history, and tabs between commands.
Use named or isolated sessions for different tasks, avoid reusing sensitive logged-in sessions unintentionally, and delete sessions when finished.
Screenshots, PDFs, snapshots, traces, or videos may preserve sensitive information from web pages after the browsing task ends.
The skill stores browser-derived evidence on disk. This is expected for screenshots and debugging, but those files may contain private page content or DOM information.
Save evidence to disk with `screenshot`, `pdf`, or `snapshot` ... Recorded files honor the `outputDir` from your config.
Choose a safe output directory, avoid recording private pages unless needed, and remove saved artifacts that contain sensitive data.
Different users or future installs may receive different Playwright CLI versions and browser binaries.
The setup uses a global npm install with the moving @latest tag. This is a normal user-directed setup step for a CLI skill, but it means the installed code can change over time.
npm install -g @playwright/cli@latest
Install from the expected npm source, consider pinning a known-good version in controlled environments, and keep Playwright updated through normal package-management practices.
