playwright-skill
Warn
Audited by Socket on Mar 11, 2026
1 alert found:
Anomaly (LOW): run.js
The script is a legitimate CLI executor for Playwright scripts that intentionally accepts and executes user-supplied JavaScript (from files, inline args, or stdin). It is not itself obfuscated or clearly malicious. However, it presents a significant security risk if used with untrusted input, because it writes and executes arbitrary code and automatically runs package installation commands, which perform network and I/O operations. The local helper that maps environment variables to HTTP headers should also be reviewed, because it could leak secrets via network requests. Use only with trusted code, and inspect './lib/helpers' and the package.json before allowing automatic installs.
Confidence: 90%
Severity: 60%