← Back to Skills Marketplace
zhanglinghao01-rakuten

Playwright MCP Automation

by zhanglinghao01-rakuten · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
483
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install playwright-mcp-automation
Description
Launch and operate the Playwright MCP server to let agents browse real websites (login, search, checkout, dashboards) through structured tools. Use when the...
Usage Guidance
This skill appears to do what it says: run a Playwright MCP server and provide guidance for using MCP tools. Before installing or running it, consider: - Supply-chain risk: the script runs `npx @playwright/mcp@latest` (un-pinned). Prefer pinning to a specific vetted version or using an internal mirror. - Network exposure: some snippets instruct `--allowed-hosts=*` and `--host=0.0.0.0` which disable DNS rebinding protections and expose the service. Only use those on isolated hosts or behind strict firewalls/tunnels. - Secrets & profiles: persistent profiles, storage.json, or `--secrets /path/.env` can expose credentials. Keep those files in a secure vault, and avoid reusing an interactive Chrome profile unless you understand the privacy implications. - Privilege and installs: the skill expects Node.js and Playwright browsers; installing system dependencies may require sudo. Run installs on trusted CI/hosts. - Operational best practice: review the upstream Playwright MCP repo and pin versions, restrict allowed hosts, and firewall or auth-protect any exposed MCP HTTP endpoint. If you need higher assurance, ask the author for a reproducible install spec that pins package versions or provide more provenance for the package source.
Capability Analysis
Type: OpenClaw Skill Name: playwright-mcp-automation Version: 1.0.0 The skill bundle is classified as suspicious due to several significant vulnerabilities and risky capabilities. The `scripts/start_playwright_mcp.sh` script contains a shell injection vulnerability via the `${EXTRA} "$@"` expansion, allowing an attacker (e.g., via prompt injection to the agent) to pass arbitrary arguments to `npx @playwright/mcp@latest`, potentially leading to arbitrary command execution. Additionally, `references/setup.md` instructs the agent to run `sudo npx playwright install-deps chromium`, which is a privilege escalation risk if the agent has `sudo` access. The `browser_run_code` tool, documented in `references/tools.md`, allows arbitrary JavaScript execution within the browser context, which could be exploited via prompt injection to perform actions like data exfiltration from browsed websites. While the skill's purpose is legitimate browser automation, these vulnerabilities and powerful primitives pose a high risk of exploitation.
Capability Assessment
Purpose & Capability
The name/description match the included SKILL.md, reference docs, and a simple launcher script that runs the Playwright MCP server. Requested artifacts (persistent profile, storage-state, secrets file, Playwright capabilities) are expected for browser automation.
Instruction Scope
Instructions are explicit about launching MCP, wiring clients, and calling specific MCP tools (browser_navigate, browser_snapshot, browser_run_code, etc.). They do however recommend operationally risky options (e.g., --allowed-hosts=*, exposing --host 0.0.0.0 and a port, reusing Chrome profiles, secrets files and storage.json). Those are within the skill's scope for advanced usage but increase data/host exposure if applied on an untrusted host or without network controls.
Install Mechanism
There is no formal install spec; the script uses exec npx @playwright/mcp@latest which will fetch and run an npm package at runtime. That is coherent with a lightweight instruction-only skill but carries standard supply-chain risk due to fetching an unpinned remote package (@latest). No opaque download URLs or extracted archives are present.
Credentials
The skill declares no required env vars, which matches packaging. The runtime docs reference optional env overrides (PWMCP_*) and recommend secrets storage (storage.json, --secrets /path/.env). Recommending secrets files is expected, but the skill does not itself require credentials — the user must supply them. Users should note the guidance to allow access to existing Chrome profiles and secrets which can expose sensitive data if misused.
Persistence & Privilege
The skill is not forced-always or otherwise privileged. It does not modify other skills or global agent settings. It suggests persistent browser profiles as an option, which is normal for automation, but persistence of profiles can persist credentials across runs and should be managed carefully.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install playwright-mcp-automation
  3. After installation, invoke the skill by name or use /playwright-mcp-automation
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of playwright-mcp-automation. - Provides Playwright MCP server automation for agents to interact with live web pages (e.g., login, checkout, download statements, UI testing). - Includes clear setup instructions and sample launcher script for quick server start. - Documents core workflows: planning, navigation, interaction, verification, authentication management, and resilience practices. - Reference guides and scripts included for advanced configuration, tool lookups, and troubleshooting. - Designed for both local and remote Playwright MCP server usage; supports persistent profiles and secrets management.
Metadata
Slug playwright-mcp-automation
Version 1.0.0
License
All-time Installs 1
Active Installs 1
Total Versions 1
Frequently Asked Questions

What is Playwright MCP Automation?

Launch and operate the Playwright MCP server to let agents browse real websites (login, search, checkout, dashboards) through structured tools. Use when the... It is an AI Agent Skill for Claude Code / OpenClaw, with 483 downloads so far.

How do I install Playwright MCP Automation?

Run "/install playwright-mcp-automation" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Playwright MCP Automation free?

Yes, Playwright MCP Automation is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Playwright MCP Automation support?

Playwright MCP Automation is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Playwright MCP Automation?

It is built and maintained by zhanglinghao01-rakuten (@zhanglinghao01-rakuten); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments