// SCAN REPORT

MCP Playwright CDP

12 tools. 10 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

10 can modify or destroy data
2 read-only
12 tools total

Community server · catalogue entry verified 11/06/2026

How to control MCP Playwright CDP ↓

TOOL MAP

What MCP Playwright CDP exposes to your agents

Read (2) Write / Execute (9) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous MCP Playwright CDP tools

Destructive · High playwright_delete HTTP DELETE requests are used to remove resources on a server. Execute · Critical playwright_evaluate This tool enables execution of arbitrary JavaScript code in a live browser session. Execute · High playwright_navigate Navigation is an Execute action because it triggers external operations (loading web pages, executing JavaScript in those pages, loading third-party content) whose side effects depend entirely on the argument URL provide Execute · High playwright_click Clicking elements in a browser can trigger a wide range of external operations: form submissions, navigation, purchases, deletions, API calls, etc.

10 of MCP Playwright CDP's 12 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control MCP Playwright CDP

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Playwright CDP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "playwright_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "playwright_patch": {
    "limits": [
      {
        "counter": "playwright_patch_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "playwright_get": {
    "limits": [
      {
        "counter": "playwright_get_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCP Playwright CDP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP PLAYWRIGHT CDP →

Free to start. No card required.

FULL CATALOGUE

All 12 MCP Playwright CDP tools

DESTRUCTIVE 1 tools
Destructive playwright_delete Perform an HTTP DELETE request
EXECUTE 6 tools
Execute playwright_evaluate Execute JavaScript in the browser console Execute playwright_navigate Navigate to a URL Execute playwright_click Click an element on the page Execute playwright_fill fill out an input field Execute playwright_hover Hover an element on the page Execute playwright_select Select an element on the page with Select tag
WRITE 3 tools
Write playwright_patch Perform an HTTP PATCH request Write playwright_post Perform an HTTP POST request Write playwright_put Perform an HTTP PUT request
READ 2 tools
Read playwright_get Perform an HTTP GET request Read playwright_screenshot Take a screenshot of the current page or a specific element
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about MCP Playwright CDP

Can an AI agent delete data through the MCP Playwright CDP MCP server? +

Yes. The MCP Playwright CDP server exposes 1 destructive tools including playwright_delete. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCP Playwright CDP? +

The MCP Playwright CDP server has 3 write tools including playwright_patch, playwright_post, playwright_put. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Playwright CDP.

How many tools does the MCP Playwright CDP MCP server expose? +

12 tools across 4 categories: Destructive, Execute, Read, Write. 2 are read-only. 10 can modify, create, or delete data.

How do I enforce a policy on MCP Playwright CDP? +

Register the MCP Playwright CDP MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Playwright CDP tool call.

Deterministic rules across all 12 MCP Playwright CDP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MCP PLAYWRIGHT CDP →

Free to start. No card required.

12 MCP Playwright CDP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.