High-risk tools in MCP Playwright Server
27 of the 58 tools in MCP Playwright Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_historyExecuteNavigate back or forward in browser history
-
browser_launchExecuteLaunch a new browser instance (Chromium, Firefox, or WebKit) with optional authentication state and video recording
-
browser_navigateExecuteNavigate to a URL in the browser
-
browser_reloadExecuteReload the current page
-
browser_tabsExecuteList, create, close, or select browser tabs
-
checkbox_setExecuteCheck or uncheck a checkbox element. Works with both <input type=
-
drag_and_dropExecuteDrag an element and drop it on another element. Supports automatic retries for flaky elements.
-
element_clickExecuteClick an element using various locator strategies. Locator types (in recommended priority order): -
-
element_fillExecuteFill text into an input field using various locator strategies. Locator types (in recommended priority order): -
-
element_focusExecuteFocus an element (e.g., to trigger focus events or enable keyboard input)
-
element_hoverExecuteHover over an element using various locator strategies. Locator types (in recommended priority order): -
-
frame_actionExecutePerform an action (click, fill, getText, waitForSelector) inside an iframe.
-
har_playbackExecuteUse a HAR file to mock network responses. Requests matching the HAR will return recorded responses.
-
har_record_startExecuteStart recording HTTP Archive (HAR) for network analysis. Records all network requests during the session.
-
keyboard_pressExecutePress a keyboard key or key combination. Examples:
-
keyboard_typeExecuteType text character by character (simulates real typing). Use element_fill for faster input, use this for character-by-character typing simulation.
-
network_routeExecuteIntercept and modify network requests matching a URL pattern. Actions: -
-
network_unrouteExecuteRemove previously set network routes. If no pattern specified, removes all routes.
-
page_prepareExecuteConfigure page settings for testing (viewport, geolocation, permissions, color scheme, etc.)
-
page_wait_for_load_stateExecuteWait for the page to reach a specific load state. Recommended: use domcontentloaded for SPAs, networkidle for pages with async data loading.
-
select_optionExecuteSelect an option from a dropdown/select element. Supports automatic retries for flaky elements.
-
tracing_groupExecuteStart a named group in the trace to organize related actions. Call tracing_group_end to close.
-
tracing_group_endExecuteEnd the current trace group started with tracing_group
-
tracing_startExecuteStart recording a trace for debugging. Captures screenshots, DOM snapshots, and action logs. View traces at trace.playwright.dev
-
tracing_stopExecuteStop recording and save the trace to a file. Open the trace file at https://trace.playwright.dev
-
wait_for_downloadExecuteWait for a file download to complete after triggering an action
-
wait_for_selectorExecuteWait for an element matching the selector to appear or reach a specific state
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.