Safety Report

Playwright MCP

Name: Playwright MCP
Rating: 5 (54 reviews)
Author: Spiceman161

Browser automation via Playwright MCP server. Navigate websites, click elements, fill forms, extract data, take screenshots, and perform full browser automation workflows.

16,493Downloads

220Installs

54Stars

1Versions

Workflow Automation3,323 CLI & Shell Tools1,805 Browser Automation1,737 Image Processing1,559

Security Analysis

medium confidence

Clean0.08 risk

The skill's requested binaries, install method, and runtime instructions align with a Playwright MCP browser-automation tool; nothing in the package or SKILL.md is obviously inconsistent, but the npm-sourced install and lack of a homepage/author metadata leave some supply-chain uncertainty.

Feb 11, 20262 files2 concerns

Purpose & Capabilityok

The name/description (Playwright MCP browser automation) match the declared requirements: the skill lists the playwright-mcp binary and npx and provides an npm install for @playwright/mcp. The tools described (navigate, click, evaluate, screenshot, upload) are expected for a browser-automation skill.

Instruction Scopenote

SKILL.md contains concrete instructions to start the MCP server and call browser tools. It does not instruct the agent to read unrelated system files or environment variables. However, browser automation inherently has access to web content and (via browser_choose_file and output options) may interact with local files and produce extracted data — this is expected but something users should consciously restrict (allowed-hosts, blocked-origins, filesystem root restriction).

Install Mechanismnote

Install uses npm (@playwright/mcp) which is a reasonable and common distribution method for Playwright tooling. This is a moderate supply-chain risk compared with no-install skills; review of the npm package and its maintainers is advisable because the skill metadata lacks a homepage and source repository.

Credentialsok

The skill requests no environment variables, no config paths, and only needs the Playwright MCP binary and npx. Those requirements are proportional to the described functionality.

Persistence & Privilegeok

always is false and the skill does not request system-wide configuration changes or permanent presence. It does not request elevated privileges in the metadata or via SKILL.md.

Guidance

This skill appears internally consistent for running Playwright MCP, but take these precautions before installing: 1) Verify the npm package: inspect its publisher, repository URL, and recent versions (npm view @playwright/mcp, review package contents or source repo). 2) Run the MCP server in a sandboxed environment (container, VM) and not as root. 3) Configure --allowed-hosts and --blocked-origins, and limit filesystem access (keep output-dir inside a controlled workspace). 4) Be aware that browser automation can access page data and local files (browser_choose_file and evaluate can be used to read and exfiltrate data); only allow trusted targets. 5) If you need high assurance, review the package source code or use an official Playwright distribution from a known repository. If you want, I can show commands to inspect the npm package metadata and contents before installing.

Latest Release

v1.0.0

Initial release

More by @Spiceman161

Playwright Browser Automation

8 stars

Superpowers Mode

0 stars

sys-updater

0 stars

NotebookLM Ops

0 stars

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Published by @Spiceman161 on ClawHub