playwright-cli

The skill is a legitimate browser automation CLI with features expected for testing and web interactions. I found no explicit malicious code or obfuscated payloads in the provided documentation. However, from a supply-chain and privilege perspective this skill is moderately risky: it grants powerful primitives (direct network navigation, file upload, cookie/storage manipulation, saving state artifacts) and the agent is allowed to execute arbitrary playwright-cli commands via a wildcard allowed-tools entry. The recommendation is to treat this skill as potentially dangerous in automated contexts: restrict agent permissions, avoid running unpinned npx installs in sensitive environments, and require explicit human approval before any command that reads local files, writes state with sensitive content, sets cookies, or uploads data to external sites.