Use when the agent needs to drive a browser through the Microsoft Playwright CLI (`playwright-cli`) for navigation, form interactions, screenshots, recordings, data extraction, session management, or debugging without loading a full MCP browser. It trains the agent on the CLI commands, snapshots, and session/config habits that make Playwright CLI reliable for scripted browsing.
Security Analysis
medium confidence
The skill is internally coherent with its stated purpose (driving Playwright via the CLI) but the runtime instructions enable powerful browser-level access (clipboard, page JS, persisted sessions) and reference an environment variable not declared in the metadata; these are legitimate for the task but worth user caution.
Name/description match the instructions: the SKILL.md exclusively documents using the Playwright CLI (playwright-cli) for navigation, interactions, screenshots, recording, sessions, and config. Nothing requested by the skill metadata (it requests no extra credentials, binaries, or config paths) contradicts that purpose.
The instructions direct the agent to run arbitrary playwright-cli commands (open, snapshot, run-code, tracing, video, config, session management). That is within the declared purpose, but 'run-code' and examples that grant permissions (e.g., clipboard-read) and network/console inspection give the agent access to page content and potentially sensitive data. The SKILL.md also refers to an env var (PLAYWRIGHT_CLI_SESSION) used to default sessions; that env var is not declared in the skill metadata.
This is an instruction-only skill with no install spec or bundled code files, which is low risk from an install perspective. The SKILL.md suggests installing the CLI via 'npm install -g @playwright/cli@latest'; that is a normal installation step, but it does imply modifying the host (global npm install) and downloading browser binaries via 'playwright-cli install' when needed.
The skill metadata declares no required env vars, but the instructions reference PLAYWRIGHT_CLI_SESSION as an environment variable to set a default session. This mismatch should be noted. More generally, the skill does not request credentials, but the documented commands can persist sessions, cookies, and recordings to disk and can grant page permissions (clipboard access), which are high-privilege actions relative to a simple helper — they are proportional to a browser automation tool but warrant attention.
always:false and default agent invocation behavior are appropriate. Sessions and artifacts are explicitly persistent (session profiles, outputDir, traces/video saved to disk), which is expected for this use case but means the agent will create and store state on the host. Consider that autonomous invocation plus the ability to run arbitrary CLI commands and injected page JS increases the practical blast radius if the agent is allowed to act without supervision.
Guidance
This skill is consistent with a Playwright-CLI helper, but review these points before installing:
- The SKILL.md tells the agent to install and run 'playwright-cli' (global npm install) and to download browser binaries; prefer installing in a controlled environment (container or sandbox) rather than globally on an important host.
- The instructions reference PLAYWRIGHT_CLI_SESSION (an env var) but the skill metadata doesn't declare it; if you rely on env-based defaults, be explicit about what you set and where sessions will be stored.
- Commands like 'run-code', granting clipboard permissions, and network/console inspection let the agent access page content and the system clipboard. Only allow the agent to run this skill when you trust it or when you restrict its autonomy.
- Persistent sessions, traces, screenshots, and video files may contain sensitive data (auth cookies, form contents). Clean up sessions/outputDir after use and avoid reusing sessions that hold credentials.
- Because this is instruction-only (no bundled code), verify you will install Playwright from a trusted source (official npm package) and consider pinning a version rather than 'latest'.

If you need higher assurance, run the CLI in an isolated environment (container/VM) and limit the agent's ability to invoke the skill autonomously.
Latest Release
v0.1.1
- Added ClawAudit AI security badges to the documentation for vulnerability awareness.
- No changes to functionality or usage instructions; documentation update only.
Published by @tezatezaz on ClawHub