// SCAN REPORT

Playwright Autopilot

51 tools. 26 can modify or destroy data without limits.

26 write tools that can modify data. Rate limits recommended.

Last updated:

26 can modify or destroy data
25 read-only
51 tools total

Community server · catalogue entry verified 12/06/2026

How to control Playwright Autopilot ↓

TOOL MAP

What Playwright Autopilot exposes to your agents

Read (25) Write / Execute (26) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous Playwright Autopilot tools

Execute · High e2e_start_flow This tool controls a browser to perform external operations (navigation, interaction, form filling) whose side effects cannot be predicted from the tool name alone—an AI agent could use it to interact with external web s Execute · High browser_batch browser_batch is an Execute category tool because it runs a sequence of browser commands whose effects depend entirely on the arguments provided—navigation, form submission, clicks, and key presses can trigger any applic Execute · High browser_navigate This tool executes browser navigation—a side effect that interacts with external systems (remote servers, websites). Execute · Medium browser_navigate_back While navigation itself is reversible and non-destructive, it is an Execute action because it triggers browser operations and changes application state in ways that depend on the browser's history and current context.

26 of Playwright Autopilot's 51 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Playwright Autopilot

PolicyLayer is an MCP gateway — it sits between your AI agents and Playwright Autopilot, and nothing reaches the server without passing your rules. These are the rules we recommend:

Rate limit write operations
{
  "browser_save_session": {
    "limits": [
      {
        "counter": "browser_save_session_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "browser_snapshot": {
    "limits": [
      {
        "counter": "browser_snapshot_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Playwright Autopilot — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON PLAYWRIGHT AUTOPILOT →

Free to start. No card required.

FULL CATALOGUE

All 51 Playwright Autopilot tools

EXECUTE 20 tools
Execute browser_batch Execute multiple browser actions in one call. PREFERRED over individual click/type calls \u2014 dramatically r Execute browser_navigate Navigate to a URL in the browser. Launches the browser if not already open. Execute browser_navigate_back Navigate back in browser history. Execute e2e_build_flows Run each test individually with action capture and auto-save flows. Discovers all tests (optionally filtered b Execute e2e_run_test Run Playwright tests. When location is provided, runs a specific test with action capture for deep debugging. Execute e2e_start_flow Start recording a browser exploration flow. Every browser action (navigate, click, type, etc.) will be recorde Execute browser_hover Hover over an element on the page. Execute browser_replay_flow Replay saved flows using stored locators \u2014 no ARIA snapshots returned. Minimal token usage. On failure, c Execute browser_tabs List, select, or close browser tabs. Actions: Execute e2e_bisect Find the commit that broke a test using behavioral bisection. Runs binary search through git history, comparin Execute e2e_explore Automatically crawl a web app to discover page templates, navigation flows, and API calls. Uses headless Playw Execute browser_click Click an element on the page. For multiple clicks, prefer browser_batch instead. Execute browser_close Close the browser and clean up resources. Execute browser_file_upload Upload one or more files to a file chooser. The file chooser must be visible first (triggered by clicking a fi Execute browser_fill_form Fill multiple form fields in one call. Fields can be addressed by ref (from snapshot) or by label (accessible Execute browser_press_key Press a key or key combination (e.g. Enter, Escape, Tab, ArrowDown, Control+a). Execute browser_restore_session Restore a previously saved browser session. Creates a new browser context with saved cookies/localStorage, re- Execute browser_select_option Select an option from a dropdown element. Execute browser_set_headers Set extra HTTP headers for browser requests. Headers are automatically scoped to same-origin requests only, so Execute browser_type Type text into an input field. For multiple fields, prefer browser_fill_form or browser_batch instead.
WRITE 6 tools
Write browser_save_session Save the current browser session (cookies, localStorage, URL, headers) to a file for later restoration. Useful Write e2e_end_flow End the current flow recording and save it. Returns a summary of all steps, API endpoints discovered, and the Write e2e_generate_report Generate a self-contained HTML or JSON report file for a test run. HTML includes inline styles, base64 screens Write e2e_save_app_flow Save a confirmed application flow to .e2e-flows.json. The flow must include confirmed: true to indicate the us Write e2e_save_error_pattern Save a diagnosed error pattern after fixing a test failure. Extracts error signature, failing action, and URL Write e2e_save_triage_run Save a triage run record with categorized failures. Called by the triage-e2e skill after classifying all failu
READ 25 tools
Read browser_snapshot Capture the full ARIA accessibility snapshot of the current page. Returns the complete page structure with [re Read browser_take_screenshot Take a screenshot of the current page. Saves to a file and returns the file path by default. Use Read e2e_discover_flows Scan all spec files and extract the sequence of page-object method calls per test. Use this when no flows are Read e2e_find_elements Search the DOM snapshot for elements matching a role or text. Much cheaper than loading a full DOM snapshot \u Read e2e_get_action_detail Get full detail for a single action including DOM snapshots, timing, params, error. Read e2e_get_actions Get the action timeline for a test run. Shows what happened step-by-step. Read e2e_get_app_flows Read stored application flows from .e2e-flows.json. Flows describe confirmed user journeys (e.g. Read e2e_get_console Get console output from a test run. Optionally filter by type (error, warn, log, info). Read e2e_get_context Lightweight project overview: flow names with descriptions + page object class names with method counts. Use Read e2e_get_dom_diff Get the DOM diff (added/removed/changed elements) for a specific action. Read e2e_get_dom_snapshot Get the DOM snapshot before and/or after a specific action. Use interactiveOnly=true to get only inputs/button Read e2e_get_evidence_bundle Get ALL failure evidence for a test in one call \u2014 error, steps to reproduce, action timeline, network, co Read e2e_get_failure_report Get a failure report for a test run. Returns error, failing action details, action timeline, failed network re Read e2e_get_network Get network requests from a test run. Optionally filter by URL pattern, method, or status code. Response bodie Read e2e_get_screenshot Get a failure screenshot as a base64 image. Returns the image content that Claude can display. Read e2e_get_stats Get E2E suite health statistics: pass rate trend, flaky tests ranked by score, failure category breakdown, new Read e2e_get_test_source Read the test source file. With resolve=true, returns only the test body plus referenced page object method bo Read e2e_get_triage_config Read the triage configuration from .e2e-triage.json. Returns Jira settings, flaky thresholds, and project filt Read e2e_impact_analysis Find all tests that use a specific page object method. Use before refactoring to see what will break. Read e2e_list_flows List all saved flow recordings from previous exploration sessions. Read e2e_list_projects List available Playwright projects from the config. Returns project names that can be used with the project pa Read e2e_list_tests Discover available Playwright tests in the project. Returns test files with their test cases and line numbers. Read e2e_match_patterns Search the error pattern database for matches against a failing test. Returns detailed match info including sc Read e2e_scan_page_objects Scan all .page.ts and .service.ts files in the project. Returns class names, methods (with @step decorators), Read e2e_suggest_tests Analyze test coverage gaps: untested page object methods, missing flow variants, and uncovered flow steps. No
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Playwright Autopilot

How do I prevent bulk modifications through Playwright Autopilot? +

The Playwright Autopilot server has 6 write tools including browser_save_session, e2e_end_flow, e2e_generate_report. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Playwright Autopilot.

How many tools does the Playwright Autopilot MCP server expose? +

51 tools across 3 categories: Execute, Read, Write. 25 are read-only. 26 can modify, create, or delete data.

How do I enforce a policy on Playwright Autopilot? +

Register the Playwright Autopilot MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Playwright Autopilot tool call.

Deterministic rules across all 51 Playwright Autopilot tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON PLAYWRIGHT AUTOPILOT →

Free to start. No card required.

51 Playwright Autopilot tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.