High-risk tools in Playwright MCP Server for Security
14 of the 23 tools in Playwright MCP Server for Security are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
playwright_clickExecuteClick an element on the page. Supports both CSS selector and coordinate-based clicking for vision-based agents.
-
playwright_click_by_indexExecuteClick an element by its annotation index number. Use playwright_annotate or playwright_get_annotated_elements first to get element indices.
-
playwright_dragExecuteDrag an element to a target location
-
playwright_evaluateExecuteExecute JavaScript in the browser console
-
playwright_expect_responseExecuteAsk Playwright to start waiting for a HTTP response. This tool initiates the wait operation but does not wait for its completion.
-
playwright_fill_by_indexExecuteFill an input field by its annotation index number. Use playwright_annotate or playwright_get_annotated_elements first to get element indices.
-
playwright_go_backExecuteNavigate back in browser history
-
playwright_go_forwardExecuteNavigate forward in browser history
-
playwright_hoverExecuteHover an element on the page
-
playwright_iframe_clickExecuteClick an element in an iframe on the page
-
playwright_navigateExecuteNavigate to a URL
-
playwright_press_keyExecutePress a keyboard key
-
playwright_selectExecuteSelect an element on the page with Select tag
-
playwright_set_auto_annotationExecuteEnable or disable automatic element annotation. When enabled (default), all interactive elements are automatically highlighted with colored boxes and index numbers when a page l...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.