Playwright MCP Automation
Author: zhanglinghao01-rakuten · GitHub · v1.0.0
Total downloads: 483
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install playwright-mcp-automation
Description
Launch and operate the Playwright MCP server to let agents browse real websites (login, search, checkout, dashboards) through structured tools. Use when the...
Security usage recommendations
This skill appears to do what it says: run a Playwright MCP server and provide guidance for using MCP tools. Before installing or running it, consider:
- Supply-chain risk: the script runs `npx @playwright/mcp@latest` (un-pinned). Prefer pinning to a specific vetted version or using an internal mirror.
- Network exposure: some snippets instruct `--allowed-hosts=*` and `--host=0.0.0.0` which disable DNS rebinding protections and expose the service. Only use those on isolated hosts or behind strict firewalls/tunnels.
- Secrets & profiles: persistent profiles, storage.json, or `--secrets /path/.env` can expose credentials. Keep those files in a secure vault, and avoid reusing an interactive Chrome profile unless you understand the privacy implications.
- Privilege and installs: the skill expects Node.js and Playwright browsers; installing system dependencies may require sudo. Run installs on trusted CI/hosts.
- Operational best practice: review the upstream Playwright MCP repo and pin versions, restrict allowed hosts, and firewall or auth-protect any exposed MCP HTTP endpoint.
If you need higher assurance, ask the author for a reproducible install spec that pins package versions, or for more provenance on the package source.
Functional analysis
Type: OpenClaw Skill
Name: playwright-mcp-automation
Version: 1.0.0
The skill bundle is classified as suspicious due to several significant vulnerabilities and risky capabilities. The `scripts/start_playwright_mcp.sh` script contains a shell injection vulnerability via the `${EXTRA} "$@"` expansion, allowing an attacker (e.g., via prompt injection to the agent) to pass arbitrary arguments to `npx @playwright/mcp@latest`, potentially leading to arbitrary command execution. Additionally, `references/setup.md` instructs the agent to run `sudo npx playwright install-deps chromium`, which is a privilege escalation risk if the agent has `sudo` access. The `browser_run_code` tool, documented in `references/tools.md`, allows arbitrary JavaScript execution within the browser context, which could be exploited via prompt injection to perform actions like data exfiltration from browsed websites. While the skill's purpose is legitimate browser automation, these vulnerabilities and powerful primitives pose a high risk of exploitation.
Capability assessment
Purpose & Capability
The name/description match the included SKILL.md, reference docs, and a simple launcher script that runs the Playwright MCP server. Requested artifacts (persistent profile, storage-state, secrets file, Playwright capabilities) are expected for browser automation.
Instruction Scope
Instructions are explicit about launching MCP, wiring clients, and calling specific MCP tools (browser_navigate, browser_snapshot, browser_run_code, etc.). They do however recommend operationally risky options (e.g., --allowed-hosts=*, exposing --host 0.0.0.0 and a port, reusing Chrome profiles, secrets files and storage.json). Those are within the skill's scope for advanced usage but increase data/host exposure if applied on an untrusted host or without network controls.
Install Mechanism
There is no formal install spec; the script uses exec npx @playwright/mcp@latest which will fetch and run an npm package at runtime. That is coherent with a lightweight instruction-only skill but carries standard supply-chain risk due to fetching an unpinned remote package (@latest). No opaque download URLs or extracted archives are present.
Credentials
The skill declares no required env vars, which matches packaging. The runtime docs reference optional env overrides (PWMCP_*) and recommend secrets storage (storage.json, --secrets /path/.env). Recommending secrets files is expected, but the skill does not itself require credentials — the user must supply them. Users should note the guidance to allow access to existing Chrome profiles and secrets which can expose sensitive data if misused.
Persistence & Privilege
The skill is not forced-always or otherwise privileged. It does not modify other skills or global agent settings. It suggests persistent browser profiles as an option, which is normal for automation, but persistence of profiles can persist credentials across runs and should be managed carefully.
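How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: `/install playwright-mcp-automation`
- Once installation completes, call the Skill by name or use `/playwright-mcp-automation` to trigger it.
- Provide the required inputs according to the Skill's parameter description to get structured output.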
Version history
v1.0.0
Initial release of playwright-mcp-automation.
- Provides Playwright MCP server automation for agents to interact with live web pages (e.g., login, checkout, download statements, UI testing).
- Includes clear setup instructions and sample launcher script for quick server start.
- Documents core workflows: planning, navigation, interaction, verification, authentication management, and resilience practices.
- Reference guides and scripts included for advanced configuration, tool lookups, and troubleshooting.
- Designed for both local and remote Playwright MCP server usage; supports persistent profiles and secrets management.
FAQ
What is Playwright MCP Automation?
Launch and operate the Playwright MCP server to let agents browse real websites (login, search, checkout, dashboards) through structured tools. Use when the... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 483 total downloads to date.
How do I install Playwright MCP Automation?
Run the command `/install playwright-mcp-automation` in the OpenClaw or Claude Code chat box to install it in one step, with no additional configuration.
Is Playwright MCP Automation free?
Yes, Playwright MCP Automation is completely free (open source and free) and can be freely downloaded, installed, and used.
Which platforms does Playwright MCP Automation support?
Playwright MCP Automation is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Playwright MCP Automation?
It is developed and maintained by zhanglinghao01-rakuten (@zhanglinghao01-rakuten); the current version is v1.0.0.