← Back to Skills Marketplace
Playwright Skill
by
Vubangsi Mercel
· GitHub ↗
· v0.1.0
2264
Downloads
0
Stars
16
Active Installs
1
Versions
Install in OpenClaw
/install playwright-skill
Description
Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check res...
Usage Guidance
This skill is internally inconsistent. Before installing or running anything: 1) Do not run `npm run setup` or any node commands suggested here until you inspect the skill directory. 2) Check the skill directory ($SKILL_DIR) for package.json, run.js, and lib/helpers.js; if they are missing, the instructions are unusable or deceptive. 3) If those files exist, open them and review their contents for network calls, telemetry, or arbitrary exec before running. 4) Be cautious about allowing any skill to auto-detect local dev servers or execute scripts that perform login flows — these actions can interact with sensitive local services. 5) Prefer running Playwright and your tests under your own control (your own package.json and scripts) rather than running npm scripts from an untrusted skill. If the publisher can provide the missing runner and a clear, auditable install script (or package hosted on a trusted release host), re-evaluate then.
Capability Analysis
Type: OpenClaw Skill
Name: playwright-skill
Version: 0.1.0
The `SKILL.md` file instructs the AI agent to use an 'inline execution' pattern (`cd $SKILL_DIR && node run.js "..."`) for simple tasks. This design allows for direct embedding of arbitrary JavaScript code into a `node` command, creating a critical Remote Code Execution (RCE) vulnerability via prompt injection. A malicious user could exploit this to execute arbitrary commands on the host system, such as reading sensitive files, exfiltrating data, or installing backdoors. This is a severe vulnerability, not intentional malice by the skill itself, hence classified as suspicious.
Capability Assessment
Purpose & Capability
The SKILL.md expects a Node-based runtime (node -e, npm run setup, require('./lib/helpers'), and node run.js) and assumes Playwright/Chromium will be installed, but the skill metadata lists no required binaries and the bundle contains no code files (no lib/helpers, no run.js, no package.json). This is inconsistent: a Playwright automation skill would legitimately require Node/npm and included runner code or a clear install spec.
Instruction Scope
Instructions direct the agent to detect dev servers (via require('./lib/helpers').detectDevServers()), write and execute arbitrary test scripts in /tmp, and run node run.js in the skill directory. Those operations would execute code from the skill directory or the generated /tmp scripts and can interact with local services (port scanning/auto-detection) and remote sites (login flows). Because the referenced helper and runner files are not present, following the instructions as-is will either fail or — if different files with those names exist on disk — execute unexpected code.
Install Mechanism
There is no formal install spec or packaged code; SKILL.md tells the user to run `npm run setup` in the skill directory to install Playwright and Chromium. Without an included package.json or explicit install source, that command will fail or run whatever npm script exists in the discovered directory. Instruction-only design reduces transparency here and elevates risk if the user runs the suggested setup command in an untrusted location.
Credentials
The skill does not request any credentials or environment variables in its metadata. The guidance to parameterize URLs via env vars is reasonable for testing and does not by itself require sensitive secrets. There are no declared requests for unrelated credentials.
Persistence & Privilege
The skill does not request permanent inclusion (always: false), does not declare modifications to other skills or system-wide settings, and instructs only transient actions (writing to /tmp). No elevated persistence is requested.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install playwright-skill - After installation, invoke the skill by name or use
/playwright-skill - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release – brings Playwright-powered browser automation to any project.
- Auto-detects running localhost dev servers before starting tests.
- Writes Playwright test scripts to /tmp to avoid cluttering project files.
- Supports common browser tasks: UI testing, form automation, screenshots, responsive checks, login flow validation, broken link checks, and more.
- Always opens the browser visibly for debugging unless headless mode is requested.
- URLs are parameterized and configurable at the top of each script.
- Clear step-by-step workflow and robust usage documentation included.
Metadata
Frequently Asked Questions
What is Playwright Skill?
Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check res... It is an AI Agent Skill for Claude Code / OpenClaw, with 2264 downloads so far.
How do I install Playwright Skill?
Run "/install playwright-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Playwright Skill free?
Yes, Playwright Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Playwright Skill support?
Playwright Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Playwright Skill?
It is built and maintained by Vubangsi Mercel (@vmercel); the current version is v0.1.0.
More Skills