playwright-skill

This script is a legitimate-but-powerful CLI runner for Playwright automation that intentionally executes arbitrary code supplied by the user. The file itself does not contain obfuscated or covert malicious payloads, but it enables dangerous operations: full rights code execution via writing and requiring temporary files, automatic execution of npm/npx install commands (supply-chain risk), and possible forwarding of environment-derived values into HTTP headers (risk of secret leakage). Treat any use of this tool as untrusted if input or the environment is not controlled. Recommend not running with untrusted scripts, avoid running the auto-install in sensitive environments, and inspect ./lib/helpers for what it reads from env before use.