Does this skill execute real attacks?

Yes, it sends actual payloads to test form responses. This is why the skill requires manual confirmation and provides a 'Dry Run' mode to review payloads beforehand.

Is it safe to run this skill on production websites?

While the skill includes production detection, it is intended for local or staging environments. Always ensure you have explicit authorization before running security tests on any target.

What kind of vulnerabilities can this skill identify?

It is optimized for testing web forms against Cross-Site Scripting (XSS), SQL Injection (SQLi), and common authentication bypass vulnerabilities.

Can I see the browser while the security test is running?

Yes, by using the --headed flag, you can watch the browser automation in real-time as it interacts with the target forms.

Playwright Security Runner

Name: Playwright Security Runner
Author: naporin0624

bynaporin0624

•

セキュリティとテスト

Automates dynamic security audits and penetration testing for web forms using browser-driven payload execution.

概要

The Playwright Security Runner is a specialized skill designed for developers and security researchers to perform automated dynamic application security testing (DAST). By leveraging Playwright's browser automation, it simulates real-world attack vectors such as Cross-Site Scripting (XSS) and SQL Injection (SQLi) against web forms to identify vulnerabilities. The tool is built with a 'safety-first' approach, featuring production environment detection, a dry-run mode for previewing payloads, and mandatory user confirmation before any request is sent, ensuring that security testing remains controlled and authorized.

主な機能

Automated payload delivery for XSS, SQLi, and authentication bypass testing.
Automated evidence collection with screenshots and detailed vulnerability reports.
Mandatory safety protocols including production detection and user confirmation templates.
Configurable browser automation supporting both headed and headless execution modes.
Dry Run mode to preview planned security tests without executing requests.
2 GitHub stars

ユースケース

Generating structured evidence and screenshots for security bug bounty reports.
Identifying input validation flaws in local development or staging environments.
Automating repetitive penetration testing tasks for web-based login and search forms.

概要

主な機能

Automated payload delivery for XSS, SQLi, and authentication bypass testing.
Automated evidence collection with screenshots and detailed vulnerability reports.
Mandatory safety protocols including production detection and user confirmation templates.
Configurable browser automation supporting both headed and headless execution modes.
Dry Run mode to preview planned security tests without executing requests.
2 GitHub stars

ユースケース

Generating structured evidence and screenshots for security bug bounty reports.
Identifying input validation flaws in local development or staging environments.
Automating repetitive penetration testing tasks for web-based login and search forms.