High-risk tools in MCP Playwright Browser
30 of the 71 tools in MCP Playwright Browser are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser.backExecuteGo back in history.
-
browser.clickExecuteClick an element by elementId, selector, or text.
-
browser.click_atExecuteClick at viewport coordinates (x, y). Use browser.click_at_page for page coordinates.
-
browser.click_at_pageExecuteClick at page coordinates (x, y). Will scroll to bring the point into view first.
-
browser.connect_cdpExecuteConnect to an existing Chrome/Chromium with remote debugging enabled (CDP).
-
browser.evaluateExecuteRun arbitrary JS in the page/frame context. Disabled by default; enable with MCP_ALLOW_EVALUATE=true.
-
browser.expect_eventExecuteWait for a specific browser event, optionally running an allowlisted action first.
-
browser.fillExecuteFill an input/textarea by selector or cached elementId (sets full value).
-
browser.fill_formExecuteFill a set of fields by label or selector (generic HTML forms).
-
browser.forwardExecuteGo forward in history.
-
browser.gotoExecuteNavigate to a URL.
-
browser.handle_dialogExecuteHandle a pending dialog by dialogId.
-
browser.hoverExecuteHover an element by uid, elementId, selector, or text.
-
browser.launchExecuteLaunch Chromium with Playwright and open a new page.
-
browser.launch_chrome_cdpExecuteLaunch Chrome with remote debugging enabled and connect via CDP.
-
browser.new_pageExecuteOpen a new page/tab in the current context.
-
browser.pressExecutePress a key, optionally focusing selector or elementId.
-
browser.reloadExecuteReload the current page.
-
browser.scroll_byExecuteScroll the main page by a delta.
-
browser.scroll_containerExecuteScroll a specific container by selector.
-
browser.scroll_toExecuteScroll the main page to an absolute position.
-
browser.scroll_to_uidExecuteScroll the element identified by a uid (from browser.take_snapshot) into view.
-
browser.select_pageExecuteSelect the active page/tab by pageId.
-
browser.waitExecuteWait for a selector or timeout.
-
browser.wait_forExecuteWait for a selector, text, or uid to be ready. Prefer this over fixed sleeps.
-
browser.wait_for_popupExecuteWait for a popup/new tab opened by page actions.
-
forms.google_set_dropdownExecuteSelect a Google Form dropdown option by matching its question title.
-
forms.google_set_gridExecuteSelect a Google Form multiple-choice grid cell by row and column values.
-
forms.google_set_radioExecuteSelect a Google Form radio/linear-scale option by question title and option label.
-
jobs.indeed_next_pageExecuteGo to the next Indeed results page (direct URL by default, with optional click mode).
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.