Does this skill execute real attacks?

Yes, it sends actual payloads to test form responses. This is why the skill requires manual confirmation and provides a 'Dry Run' mode to review payloads beforehand.

Is it safe to run this skill on production websites?

While the skill includes production detection, it is intended for local or staging environments. Always ensure you have explicit authorization before running security tests on any target.

What kind of vulnerabilities can this skill identify?

It is optimized for testing web forms against Cross-Site Scripting (XSS), SQL Injection (SQLi), and common authentication bypass vulnerabilities.

Can I see the browser while the security test is running?

Yes, by using the --headed flag, you can watch the browser automation in real-time as it interacts with the target forms.

Playwright Security Runner

Name: Playwright Security Runner
Author: naporin0624

bynaporin0624

•

Security & Testing

Automates dynamic security audits and penetration testing for web forms using browser-driven payload execution.

The Playwright Security Runner is a specialized skill designed for developers and security researchers to perform automated dynamic application security testing (DAST). By leveraging Playwright's browser automation, it simulates real-world attack vectors such as Cross-Site Scripting (XSS) and SQL Injection (SQLi) against web forms to identify vulnerabilities. The tool is built with a 'safety-first' approach, featuring production environment detection, a dry-run mode for previewing payloads, and mandatory user confirmation before any request is sent, ensuring that security testing remains controlled and authorized.

Key Features

01Automated payload delivery for XSS, SQLi, and authentication bypass testing.

02Automated evidence collection with screenshots and detailed vulnerability reports.

03Mandatory safety protocols including production detection and user confirmation templates.

04Configurable browser automation supporting both headed and headless execution modes.

05Dry Run mode to preview planned security tests without executing requests.

062 GitHub stars

Use Cases

01Generating structured evidence and screenshots for security bug bounty reports.

02Identifying input validation flaws in local development or staging environments.

03Automating repetitive penetration testing tasks for web-based login and search forms.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins playwright-security-runner

For use in Claude.ai and ChatGPT

Download Skill