Trust Assessment
playwright-cli received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Arbitrary local file read, write, and upload via playwright-cli, Arbitrary JavaScript execution and sensitive browser data exposure.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary local file read, write, and upload via playwright-cli The skill's declared permission `Bash(playwright-cli:*)` grants access to powerful `playwright-cli` commands. Specifically, `playwright-cli upload`, `playwright-cli state-save`, and `playwright-cli state-load` can be abused. If the file paths provided to these commands are user-controlled, an attacker can read arbitrary local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), write to arbitrary locations on the filesystem (e.g., `/tmp/malicious_script.sh`), or upload sensitive files to a malicious web server. This poses a severe risk of data exfiltration and potential system compromise. Restrict `playwright-cli` commands to operate only within a strictly sandboxed directory. Disallow user-controlled arbitrary file paths for `upload`, `state-save`, and `state-load`. If possible, remove these capabilities if not essential for the skill's core function. | LLM | SKILL.md:40 | |
| HIGH | Arbitrary JavaScript execution and sensitive browser data exposure The `playwright-cli eval` and `playwright-cli run-code` commands allow executing arbitrary JavaScript within the browser context. This enables an attacker to extract sensitive information (e.g., cookies, local storage, form data, DOM content) from the current web page and potentially exfiltrate it via network requests initiated by the JavaScript. Additionally, commands like `playwright-cli cookie-list`, `localstorage-list`, and `sessionstorage-list` directly expose sensitive browser storage data, which could be captured by the LLM and further exfiltrated, leading to credential harvesting or data leakage. Implement strict sanitization or whitelisting for JavaScript code executed via `eval` and `run-code`. Consider using predefined, safe browser interactions instead of arbitrary code. For `cookie-list`, `localstorage-list`, etc., implement output filtering or redaction for sensitive information. | LLM | SKILL.md:45 |
Scan History
Embed Code
[](https://skillshield.io/report/d976592ef8a5ac88)
Powered by SkillShield