MCP Playwright Browser

71 tools. 41 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

41 can modify or destroy data
30 read-only
71 tools total

Community server · catalogue entry verified 03/07/2026

How to control MCP Playwright Browser ↓

What MCP Playwright Browser exposes to your agents

Read (30) Write / Execute (40) Destructive / Financial (1)
Critical Risk

The most dangerous MCP Playwright Browser tools

41 of MCP Playwright Browser's 71 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control MCP Playwright Browser

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Playwright Browser, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "browser.clear_cookies": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "browser.import_storage_state": {
    "limits": [
      {
        "counter": "browser.import_storage_state_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "browser.close": {
    "limits": [
      {
        "counter": "browser.close_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCP Playwright Browser — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON MCP PLAYWRIGHT BROWSER →

Instant setup, no code required.

All 71 MCP Playwright Browser tools

EXECUTE 30 tools
Execute browser.back Go back in history. Execute browser.click Click an element by elementId, selector, or text. Execute browser.click_at Click at viewport coordinates (x, y). Use browser.click_at_page for page coordinates. Execute browser.click_at_page Click at page coordinates (x, y). Will scroll to bring the point into view first. Execute browser.connect_cdp Connect to an existing Chrome/Chromium with remote debugging enabled (CDP). Execute browser.evaluate Run arbitrary JS in the page/frame context. Disabled by default; enable with MCP_ALLOW_EVALUATE=true. Execute browser.expect_event Wait for a specific browser event, optionally running an allowlisted action first. Execute browser.fill Fill an input/textarea by selector or cached elementId (sets full value). Execute browser.fill_form Fill a set of fields by label or selector (generic HTML forms). Execute browser.forward Go forward in history. Execute browser.goto Navigate to a URL. Execute browser.handle_dialog Handle a pending dialog by dialogId. Execute browser.hover Hover an element by uid, elementId, selector, or text. Execute browser.launch Launch Chromium with Playwright and open a new page. Execute browser.launch_chrome_cdp Launch Chrome with remote debugging enabled and connect via CDP. Execute browser.new_page Open a new page/tab in the current context. Execute browser.press Press a key, optionally focusing selector or elementId. Execute browser.reload Reload the current page. Execute browser.scroll_by Scroll the main page by a delta. Execute browser.scroll_container Scroll a specific container by selector. Execute browser.scroll_to Scroll the main page to an absolute position. Execute browser.scroll_to_uid Scroll the element identified by a uid (from browser.take_snapshot) into view. Execute browser.select_page Select the active page/tab by pageId. Execute browser.wait Wait for a selector or timeout. Execute browser.wait_for Wait for a selector, text, or uid to be ready. Prefer this over fixed sleeps. Execute browser.wait_for_popup Wait for a popup/new tab opened by page actions. Execute forms.google_set_dropdown Select a Google Form dropdown option by matching its question title. Execute forms.google_set_grid Select a Google Form multiple-choice grid cell by row and column values. Execute forms.google_set_radio Select a Google Form radio/linear-scale option by question title and option label. Execute jobs.indeed_next_page Go to the next Indeed results page (direct URL by default, with optional click mode).
READ 30 tools
Read browser.close Close the current browser session. Read browser.close_page Close a page/tab by pageId (or the active page if omitted). Read browser.export_storage_state Export browser storage state. Optionally save to a path. Read browser.extract_html Extract outerHTML from a selector. Read browser.extract_text Extract text from a selector. Use all=true to get all matches. Read browser.form_audit Audit the current page for missing required form fields (generic HTML forms). Read browser.get_capture_profile Get the active capture profile and response payload budget. Read browser.get_container_scroll_state Get scroll metrics for a specific scrollable container. Read browser.get_cookies Get cookies from the current browser context. Read browser.get_network_request Get details for a captured network request (optionally includes response body). Read browser.get_scroll_state Get scroll metrics for the main page (window). Read browser.get_scrollables List scrollable containers on the page. Read browser.list List visible interactive elements (links, buttons, inputs). Includes role=radio/checkbox. Read browser.list_console_messages List recent console logs and exceptions captured via CDP. Read browser.list_dialogs List dialogs captured from the page (alert/confirm/prompt/beforeunload). Read browser.list_frames List frames for the active page (or a specified pageId). Read browser.list_network_requests List recent network requests captured via CDP. Read browser.list_pages List open pages/tabs in the current context. Read browser.query_dom Safely query DOM nodes and return structured attributes/states without arbitrary JS execution. Read browser.snapshot Return a snapshot of the current page (title, url, text, links). Read browser.take_snapshot DevTools-style snapshot based on the accessibility tree. Returns compact nodes with uids. Read browser.type Type into an input by selector or cached elementId. Read browser.visual_snapshot Take a screenshot and return an element map with bounding boxes for visual navigation. Read browser.wait_for_download Wait for the next download event and return its metadata. Read files.list_dir List files in an allowed directory (Applied Jobs, Auto/output, Auto/logs). Read files.read_pdf_text Extract text from a PDF file (restricted to Applied Jobs and Auto output/logs). Read files.read_text Read text from a file path (restricted to Applied Jobs and Auto output/logs). Read forms.google_audit Audit a Google Form page and return compact answer state by question. Read jobs.extract_indeed Extract jobs from an Indeed search results page. Optionally save each job to a .txt file. Read search.extract_google Extract standard Google search results from the current page. Optionally save to .txt files.

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about MCP Playwright Browser

Can an AI agent delete data through the MCP Playwright Browser MCP server? +

Yes. The MCP Playwright Browser server exposes 1 destructive tools including browser.clear_cookies. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCP Playwright Browser? +

The MCP Playwright Browser server has 10 write tools including browser.import_storage_state, browser.save_download, browser.screenshot. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Playwright Browser.

How many tools does the MCP Playwright Browser MCP server expose? +

71 tools across 4 categories: Destructive, Execute, Read, Write. 30 are read-only. 41 can modify, create, or delete data.

How do I enforce a policy on MCP Playwright Browser? +

Register the MCP Playwright Browser MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Playwright Browser tool call.

Deterministic rules across all 71 MCP Playwright Browser tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

71 MCP Playwright Browser tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.