playwright-skill

No direct malware behavior (e.g., hardcoded credentials, overt exfiltration, backdoor logic) is evident in the provided snippet. However, the module is inherently high-risk because it functions as a universal JavaScript executor: it ingests runtime-supplied code from argv or stdin, writes it to disk, and executes it with require() (full RCE within the current process). It also expands supply-chain exposure by running npm and npx Playwright installation commands at runtime when Playwright is absent. This should only be used with fully trusted inputs in a controlled environment.