Playwright Skill

Review: Audited by ClawScan on May 10, 2026.

Overview

The skill is meant for browser testing, but it tells the agent to run helper/setup files that are not included in the reviewed package.

Review this skill before installing because its documented workflow depends on executable files that are not present in the package. If you still use it, only run a complete trusted copy, inspect generated scripts, and prefer local/staging sites and test accounts.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may fail to run, or could execute local helper code that was not available for review if those files are later added from another source.

Why it was flagged

The reviewed artifact set says there are no code files or install spec, but the skill's main workflow depends on lib/helpers, run.js, and npm scripts. That means the executable path is either missing or would come from unreviewed files outside the supplied package.

Skill content

cd $SKILL_DIR && node -e "require('./lib/helpers').detectDevServers()..." ... cd $SKILL_DIR && node run.js /tmp/playwright-test-page.js ... npm run setup

Recommendation

Require a complete, reviewed package including package.json, run.js, lib/helpers, and any setup scripts before installing or running the skill.

What this means

A mistaken or overly broad automation request could click buttons, submit forms, or interact with accounts in ways the user did not intend.

Why it was flagged

These are expected Playwright capabilities, but they include actions that can submit forms, interact with authenticated pages, or affect live systems if pointed at real sites.

Skill content

Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task.

Recommendation

Use test accounts and local/staging URLs by default, and require explicit confirmation before running actions against production sites or real accounts.

What this means

Generated scripts can open browsers, navigate pages, create screenshots, and perform web actions locally.

Why it was flagged

The skill explicitly generates and runs local JavaScript. That is normal for browser automation, but users should understand that the agent-created script will execute on their machine.

Skill content

I write custom Playwright code in `/tmp/playwright-test-*.js` ... I execute it via: `cd $SKILL_DIR && node run.js /tmp/playwright-test-*.js`

Recommendation

Inspect generated /tmp scripts for the intended URL and actions before execution, especially when credentials, file uploads, or production systems are involved.