High-risk tools in Playwright MCP Server
10 of the 23 tools in Playwright MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_clickExecuteClick an element on the page.
-
browser_create_sessionExecuteCreate a new browser session. Returns a sessionId that must be used for all subsequent operations.
-
browser_execute_scriptExecuteExecute custom JavaScript code in the browser context. Returns the result of the script execution.
-
browser_installExecuteInstall Playwright browsers. This allows you to install chromium, firefox, webkit, or all browsers without manually running playwright install.
-
browser_navigateExecuteNavigate to a URL in the specified session.
-
browser_new_pageExecuteCreate a new page (tab) in the session and optionally navigate to a URL.
-
browser_scrollExecuteScroll the page to a specific position, element, or direction. Useful for loading lazy-loaded content.
-
browser_switch_pageExecuteSwitch to a different page (tab) by its index. Use browser_get_pages to see available pages.
-
browser_typeExecuteType text into an input element.
-
browser_wait_for_elementExecuteWait for an element to appear on the page. Useful for waiting for dynamic content to load.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.