Trust Assessment
playwriter received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 1 critical, 2 high, 2 medium, and 0 low severity. Key findings include Arbitrary JavaScript Execution via Playwriter, Potential Data Exfiltration and Credential Harvesting, Broad Playwright Page API Access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary JavaScript Execution via Playwriter The `playwriter` tool explicitly allows the execution of arbitrary JavaScript code within a browser context via the `-e` flag. This means a malicious actor could craft JavaScript to perform unauthorized actions within the browser, access sensitive data, or interact with web applications in unintended ways. The availability of `require` also suggests potential for loading arbitrary modules, further expanding the attack surface. Implement strict input validation and sanitization for any user-provided code executed via the `-e` flag. Consider sandboxing the JavaScript execution environment more rigorously or limiting the available Playwright API surface. If the agent is generating this code, ensure it only generates trusted and safe operations. | LLM | SKILL.md:38 | |
| HIGH | Potential Data Exfiltration and Credential Harvesting As a direct consequence of arbitrary JavaScript execution, sensitive data from the browser (e.g., cookies, local storage, session storage, form data including credentials, and page content) can be read and exfiltrated. The examples demonstrate reading page content and filling forms. The network interception capabilities further enable capturing and manipulating network requests, which could expose credentials or other sensitive information. Restrict the capabilities of the executed JavaScript to prevent access to sensitive browser APIs (e.g., `localStorage`, `sessionStorage`, `document.cookie`, `fetch` to external domains) or implement a robust Content Security Policy within the browser context. Ensure any data read from the browser is handled securely and not logged or transmitted without explicit user consent. | LLM | SKILL.md:59 | |
| HIGH | Unpinned npm Dependency The installation instruction `npm i -g playwriter` does not specify a version, which means the latest version will always be installed. This introduces a supply chain risk, as a malicious update to the `playwriter` package could be automatically pulled in, potentially compromising the system where it's installed. Always pin dependencies to a specific, known-good version (e.g., `npm i -g playwriter@1.2.3`). Regularly review and update dependencies to mitigate known vulnerabilities. | LLM | SKILL.md:26 | |
| MEDIUM | Broad Playwright Page API Access The skill provides access to the full Playwright Page API, `BrowserContext`, and a persistent `state` object. This grants extensive control over the browser environment, including navigation, DOM manipulation, network interception, and file system access (e.g., via screenshots to `/tmp`). While necessary for its intended function, this broad access increases the risk if untrusted or malicious code is executed. Evaluate if the full Playwright API surface is strictly necessary for all use cases. Consider implementing a more granular permission model or a restricted API subset for operations that do not require full browser control. | LLM | SKILL.md:45 | |
| MEDIUM | Reliance on External Chrome Extension The skill requires the installation of a 'Playwriter Chrome extension.' This introduces an additional external dependency and potential supply chain risk. A compromised or malicious extension could undermine the security of the browser session and the data it handles, even if the `playwriter` CLI tool itself is secure. Provide clear instructions on how to verify the authenticity and integrity of the Chrome extension. Consider documenting the security implications of installing third-party browser extensions. Regularly audit the extension's source if possible, or ensure it comes from a trusted and verified source. | LLM | SKILL.md:28 |
Scan History
Embed Code
[](https://skillshield.io/report/6c33532e6517c81e)
Powered by SkillShield