Safety Report

Playwright (Automation + MCP + Scraper)

Name: Playwright (Automation + MCP + Scraper)
Rating: 5 (8 reviews)
Author: ivangdavila

Browser automation and web scraping with Playwright. Forms, screenshots, data extraction. Works standalone or via MCP. Testing included.

5,295Downloads

77Installs

8Stars

3Versions

API Integration4,971 Workflow Automation3,323 Browser Automation1,737 Image Processing1,559

Security Analysis

high confidence

Clean0.08 risk

The skill is an instruction-only Playwright guide for browser automation and scraping; its requirements, instructions, and examples are coherent with the stated purpose and do not request unrelated privileges or hidden endpoints.

Feb 26, 20266 files2 concerns

Purpose & Capabilityok

Name/description match the content: SKILL.md and companion docs provide Playwright usage, scraping patterns, testing, and MCP integration. There are no unrelated credentials, binaries, or config paths requested that would be out of scope for a browser-automation/scraping skill.

Instruction Scopenote

Most instructions stay within scraping/automation/testing scope. Examples include saving storageState (auth.json), logging network requests, and recommending global npm installation of an MCP helper; these are expected for Playwright but can expose sensitive session data if users follow examples blindly. The docs do not instruct reading arbitrary system files or sending scraped data to unexpected external endpoints.

Install Mechanismok

This is instruction-only (no install spec). The README suggests using official Playwright/npm commands (npm init playwright, npx playwright install, npm install -g @playwright/mcp) which are standard and reference official packages; no opaque download URLs or archive extraction are present in the metadata.

Credentialsnote

The skill does not require environment variables or credentials. CI examples reference common env vars (BASE_URL, CI) and GitHub Actions use of GITHUB_TOKEN for artifact publishing — these are expected in CI contexts but the user should avoid committing secrets or reusing auth files carelessly.

Persistence & Privilegeok

always is false and the skill does not request persistent system privileges or modify other skills/configuration. It documents saving local session files and traces (normal for Playwright) but does not demand system-wide changes.

Guidance

This skill is essentially documentation and examples for Playwright and appears coherent with its purpose. Before using it, consider: 1) When following examples that save storageState (auth.json) or log network responses, ensure those files and logs don't contain secrets you wouldn't want stored or exposed. 2) If you run the suggested npm installs or npx commands, install packages from the official Playwright/npm registry and review what you install (npx will fetch and run code). 3) When running MCP or browser automation, restrict allowed hosts and run in isolated CI/VM environments if the automation will access sensitive sites. 4) In CI, avoid leaking tokens (e.g., GITHUB_TOKEN) into artifacts or public reports. Overall the skill is coherent and usable, but treat the example persistence and logging patterns as potential privacy risks and follow best practices for secrets and sandboxing.

Latest Release

v1.0.2

Rewritten with MCP integration and scraping focus. Now covers standalone use and MCP server setup.

More by @ivangdavila

DOCX

18 stars

Market Research

18 stars

Code

14 stars

Excel / XLSX

13 stars

Data Analysis

13 stars

Office

11 stars

Published by @ivangdavila on ClawHub