High-risk tools in Better Playwright MCP
19 of the 29 tools in Better Playwright MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_navigateExecuteNavigate to a URL
-
browser_navigate_backExecuteGo back to the previous page
-
browser_wait_forExecuteWait for text to appear or disappear or a specified time to pass
-
browser_clickExecutePerform click on a web page
-
browser_dragExecutePerform drag and drop between two elements
-
browser_evaluateExecuteEvaluate JavaScript expression on page or element
-
browser_fill_formExecuteFill multiple form fields
-
browser_handle_dialogExecuteHandle a dialog
-
browser_hoverExecuteHover over element on page
-
browser_installExecuteInstall the browser specified in the config. Call this if you get an error about the browser not being installed.
-
browser_mouse_click_xyExecuteClick left mouse button at a given position
-
browser_mouse_drag_xyExecuteDrag left mouse button to a given position
-
browser_mouse_move_xyExecuteMove mouse to a given position
-
browser_performExecutePerform a task with the browser. It can click, type, export, capture screenshot, drag, hover, select options, etc.
-
browser_press_keyExecutePress a key on the keyboard
-
browser_resizeExecuteResize the browser window
-
browser_select_optionExecuteSelect an option in a dropdown
-
browser_tabsExecuteList, create, close, or select a browser tab.
-
browser_typeExecuteType text into editable element
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.