// SCAN REPORT

Mcp Playwright

12 tools. 7 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

7 can modify or destroy data
5 read-only
12 tools total

Community server · catalogue entry verified 12/06/2026

How to control Mcp Playwright ↓

TOOL MAP

What Mcp Playwright exposes to your agents

Read (5) Write / Execute (6) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Mcp Playwright tools

Destructive · Medium close_browser_session Closing a browser session is irreversible — it terminates the session and destroys any associated state, cookies, and unsaved data. Execute · Critical execute_javascript This tool allows execution of arbitrary JavaScript code in the browser, which is the most powerful capability on a browser automation server. Execute · High navigate_to_url Navigation to arbitrary URLs is an Execute-category action because it causes an external operation (HTTP request and page load) to occur. Execute · Medium wait_for_selector This tool executes a browser automation action (waiting/polling for element availability) whose effects depend on the selector argument and page state.

7 of Mcp Playwright's 12 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Mcp Playwright

PolicyLayer is an MCP gateway — it sits between your AI agents and Mcp Playwright, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "close_browser_session": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Cap read operations
{
  "get_element_attribute": {
    "limits": [
      {
        "counter": "get_element_attribute_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Mcp Playwright — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP PLAYWRIGHT →

Free to start. No card required.

FULL CATALOGUE

All 12 Mcp Playwright tools

DESTRUCTIVE 1 tools
Destructive close_browser_session 关闭当前浏览器会话
EXECUTE 6 tools
Execute execute_javascript 执行JavaScript代码 Execute navigate_to_url 导航到指定URL Execute wait_for_selector 等待元素出现 Execute click_element 点击页面元素 Execute create_browser_session 创建新的浏览器会话 Execute fill_input 填写输入框
READ 5 tools
Read get_element_attribute 获取元素属性值 Read get_page_title 获取页面标题 Read get_page_url 获取当前页面URL Read get_text_content 获取元素文本内容 Read take_screenshot 截取页面截图
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
automation
Mcp Afip 1300 tools
automation
Mcp Ap2 1300 tools
automation
BNB Chain MCP 1240 tools
automation
Nodebench 824 tools
automation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
automation
Amazon Data Processing MCP Server 805 tools
automation
Amazon ECS MCP Server 805 tools
automation
FAQ

Questions about Mcp Playwright

Can an AI agent delete data through the Mcp Playwright MCP server? +

Yes. The Mcp Playwright server exposes 1 destructive tools including close_browser_session. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How many tools does the Mcp Playwright MCP server expose? +

12 tools across 3 categories: Execute, Read, Write. 5 are read-only. 7 can modify, create, or delete data.

How do I enforce a policy on Mcp Playwright? +

Register the Mcp Playwright MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Mcp Playwright tool call.

Deterministic rules across all 12 Mcp Playwright tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON MCP PLAYWRIGHT →

Free to start. No card required.

12 Mcp Playwright tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.