playwright-cli

The provided file is documentation showing how to run arbitrary Playwright scripts via a CLI. The text itself is not malicious, but it documents a high-privilege feature that, if misused, enables credential harvesting, clipboard theft, camera/microphone/location capture, filesystem persistence of secrets, and network exfiltration. Security risk arises from executing untrusted script strings and granting broad permissions; operators must treat run-code as sensitive functionality and apply strict operational controls and auditing.

The skill's footprint is coherent with a browser automation tool. It relies on official npm/pnpm-based Playwright CLI, performs standard browser actions, and stores artifacts locally. There are no credential exposures, no arbitrary remote execution patterns, and no data exfiltration identified in the provided content. Overall risk is low to moderate, aligned with legitimate automation tooling. Monitor for future expansions that might enable external network calls or credential usage to ensure continued proportionality.