Skill v1.0.0
VirusTotal security
Playwright MCP Automation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Apr 30, 2026, 5:02 AM
- Hash: 9684ef5ca84a01a9753229e261eb12cbf6a90052edccc2dd3bb266f89572d420
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: playwright-mcp-automation. Version: 1.0.0. The skill bundle is classified as suspicious due to several significant vulnerabilities and risky capabilities. The `scripts/start_playwright_mcp.sh` script contains a shell injection vulnerability via the `${EXTRA} "$@"` expansion, allowing an attacker (e.g., via prompt injection to the agent) to pass arbitrary arguments to `npx @playwright/mcp@latest`, potentially leading to arbitrary command execution. Additionally, `references/setup.md` instructs the agent to run `sudo npx playwright install-deps chromium`, which is a privilege escalation risk if the agent has `sudo` access. The `browser_run_code` tool, documented in `references/tools.md`, allows arbitrary JavaScript execution within the browser context, which could be exploited via prompt injection to perform actions like data exfiltration from browsed websites. While the skill's purpose is legitimate browser automation, these vulnerabilities and powerful primitives pose a high risk of exploitation.
