When to Use

Name: playwright
Author: ivangdavila

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

70High

This Playwright skill enables arbitrary code execution, data

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

When to Use: Use this skill for real browser tasks: JS-rendered pages, multi-step forms, screenshots or PDFs, UI debugging, Playwright test authoring, MCP-driven browser control, and structured extraction from rendered pages.

Actually does

This skill executes Playwright commands via `npx` to automate browser tasks. It can navigate, click, fill forms, take screenshots/PDFs, extract data, and generate Playwright code. It contacts user-specified web origins for automation and `https://registry.npmjs.org` for optional package installation.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction5 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseer1 finding

Skill Info

Nameivangdavila/playwright

Registryclawhub

Version1.0.3

PURLpkg:clawhub/ivangdavila/playwright@1.0.3

Stars91

Downloads27,142

Installs367

Source

Repository ↗

SHA-2569f85deae2e2b...

SHA-1deb0d028ea3b...

MD540d522eb365c...

TLSH6232b88f6a6d...

ssdeep192:KB8tWSRP...

Size10,970 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/ivangdavila/playwright

27,142 downloads367 installs

ClawHubDocs

openclaw skills install ivangdavila/playwright

Assessments (2)

AI Agent Traps ↗

Command Execution via npx and Node.jshighcommand execution

The skill explicitly uses `npx` and `node` for executing Playwright commands and JavaScript, allowing for arbitrary code execution if the agent is prompted to run malicious scripts or if the installed packages are compromised.

100% confidenceline 40

npx @playwright/mcp --headless
npx playwright test
const { chromium } = require('playwright');

In-Browser JavaScript Execution via browser_evaluatemediumcommand execution

The skill lists `browser_evaluate` as a common MCP action, enabling arbitrary JavaScript execution within the context of the browsed page, which can be used for data extraction or DOM manipulation.

100% confidenceline 44

`browser_evaluate` for inspection and extraction

Supply Chain Risk from npm Package Installationmediumsupply chain

The skill installs `playwright` and `@playwright/mcp` via `npm`. A compromise of these packages or their dependencies could lead to the execution of malicious code during installation or subsequent use.

100% confidenceline 8

install":[{"id":"npm-playwright","kind":"npm","package":"playwright"},{"id":"npm-playwright-mcp","kind":"npm","package":"@playwright/mcp"}]

Data Exfiltration Capability via Browser Automationmediumdata exfiltration

The skill's core function involves interacting with and extracting data (e.g., form input, cookies, page content) from user-requested web origins, which could be abused to exfiltrate sensitive information to attacker-controlled domains.

100% confidenceline 154

description: "extract data"
External Endpoints: User-requested web origins | Browser requests, form input, cookies, uploads, and page interactions required by the task

Potential for Resource Abuse through Browser Automationlowresource abuse

Browser automation can be resource-intensive. An attacker could craft prompts to initiate numerous browser instances or complex, long-running tasks, potentially leading to resource exhaustion on the host system.

80% confidenceline 4

description: "Browser automation via Playwright MCP."
npx @playwright/mcp --headless

Human Approval Fatigue for Non-Critical Actionsinfoapproval fatigue

The skill explicitly requires user confirmation for 'high-stakes flows,' implying that less critical, but still potentially sensitive, actions might proceed without explicit human approval, which could lead to approval fatigue or oversight bypass.

70% confidenceline 137

For destructive, financial, medical, production, or otherwise high-stakes flows, prefer staging or local environments and require explicit user confirmation before continuing.

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/playwright.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/playwright)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/ivangdavila/playwright"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/playwright.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/ivangdavila/playwright.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow