High-risk tools in Playwright MCP Server
15 of the 29 tools in Playwright MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
playwright_deleteExecutePerform an HTTP DELETE request
-
playwright_evaluateExecuteExecute JavaScript in the browser console
-
playwright_expect_responseExecuteAsk Playwright to start waiting for a HTTP response. This tool initiates the wait operation but does not wait for its completion.
-
playwright_navigateExecuteNavigate to a URL
-
start_codegen_sessionExecuteStart a new code generation session to record Playwright actions
-
playwright_clickExecuteClick an element on the page
-
playwright_custom_user_agentExecuteSet a custom User Agent for the browser
-
playwright_dragExecuteDrag an element to a target location
-
playwright_go_backExecuteNavigate back in browser history
-
playwright_go_forwardExecuteNavigate forward in browser history
-
playwright_hoverExecuteHover an element on the page
-
playwright_iframe_clickExecuteClick an element in an iframe on the page
-
playwright_postExecutePerform an HTTP POST request
-
playwright_press_keyExecutePress a keyboard key
-
playwright_selectExecuteSelect an element on the page with Select tag
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.