playwright-automate

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Backtick command substitution detected

Benign: The analyzed code fragment presents a coherent, legitimate Playwright automation skill with appropriate use of official tooling, safe data flows, and no evidence of credential theft or remote control capabilities. Vigilance is advised around MCP integration and template-driven code generation in a broader supply-chain context.

LLM verification: This skill is functionally consistent with its stated purpose (Playwright automation) and contains legitimate automation scripts and bash wrappers. However, it introduces supply-chain and privacy risks: unpinned npm installations and npx usage (possible dependency compromise), reading user-specific config (~/.claude/config.json) which may contain credentials, persistent caches under .claude/, and optional delegation to an MCP server (which could forward data/execution to a third party). There is

Confidence: 75%
Severity: 75%

Audit Metadata

Analyzed At: Feb 21, 2026, 12:27 PM
Package URL: pkg:socket/skills-sh/manastalukdar%2Fclaude-devstudio%2Fplaywright-automate%2F@d375b45c1ea5ab32fedf8e1d7c5e50265e4465dd