High-risk tools in RunAutomation MCP Server
50 of the 91 tools in RunAutomation MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
playwright_deleteExecutePerform an HTTP DELETE request
-
playwright_batch_ai_visual_compareExecuteRun batch AI visual comparisons across multiple pages
-
playwright_emulate_deviceExecuteEmulate a mobile device with specific viewport, user agent, and capabilities. Supports all Playwright device presets including iPhone, iPad, Android devices, etc.
-
playwright_evaluateExecuteExecute JavaScript in the browser console
-
playwright_expect_responseExecuteAsk Playwright to start waiting for a HTTP response. This tool initiates the wait operation but does not wait for its completion.
-
playwright_navigateExecuteNavigate to a URL
-
playwright_recover_sessionExecuteRecover a persisted session from disk after crash or restart
-
playwright_run_across_browsersExecuteExecute actions across multiple browsers in parallel. Tests cross-browser compatibility by running the same action in Chromium, Firefox, and WebKit simultaneously.
-
playwright_run_cross_browserExecuteRun a test across multiple browsers (chromium, firefox, webkit) in parallel
-
playwright_run_tests_parallelExecuteExecute multiple test scenarios in parallel with configurable concurrency
-
playwright_start_coverageExecuteStart collecting JavaScript and CSS code coverage
-
playwright_start_video_recordingExecuteStart recording video of browser session. Useful for test debugging and documentation.
-
playwright_wait_attributeExecuteWait for element attribute to have specific value
-
playwright_wait_element_countExecuteWait for specific number of elements matching a selector
-
playwright_wait_element_hiddenExecuteWait for element to become hidden or disappear
-
playwright_wait_network_idleExecuteWait for network activity to become idle
-
playwright_wait_smartExecuteIntelligent wait for element with multiple conditions (visibility, stability, interactive state)
-
playwright_wait_urlExecuteWait for URL to match a specific pattern
-
start_codegen_sessionExecuteStart a new code generation session to record Playwright actions
-
playwright_ai_visual_compareExecuteAI-powered visual regression testing that intelligently ignores dynamic content like ads and timestamps
-
playwright_assert_css_propertyExecuteAssert CSS property value using computed styles
-
playwright_assert_element_countExecuteAssert exact count of elements matching a selector with flexible comparison
-
playwright_assert_element_stateExecuteAssert element state (visible, hidden, enabled, disabled, editable, readonly, checked, unchecked)
-
playwright_assert_responseExecuteWait for and validate a previously initiated HTTP response wait operation.
-
playwright_assert_text_contentExecuteAssert element text content with fuzzy search support (exact, contains, startsWith, endsWith, regex)
-
playwright_batch_visual_compareExecuteCompare multiple screenshots against their baselines in a single operation. Useful for comprehensive visual regression testing.
-
playwright_check_accessibilityExecuteRun comprehensive accessibility scan using axe-core for WCAG compliance
-
playwright_cross_browser_screenshotExecuteCapture and compare screenshots across multiple browsers. Automatically detects visual differences between browsers.
-
playwright_download_and_extract_pdfExecuteDownload a PDF file by clicking a trigger element and optionally extract its text content. Useful for testing PDF download functionality.
-
playwright_download_fileExecuteHandle file downloads triggered by clicking an element. Waits for download to complete and saves the file.
-
playwright_expect_dialogExecuteWait for a dialog to appear, validate its message, and handle it. Useful for testing alert/confirm/prompt dialogs.
-
playwright_go_backExecuteNavigate back in browser history
-
playwright_go_forwardExecuteNavigate forward in browser history
-
playwright_hoverExecuteHover an element on the page
-
create_browser_sessionExecuteCreate a new browser session with isolated context. Enables parallel browser execution and multi-user scenarios.
-
playwright_clickExecuteClick an element on the page
-
playwright_click_and_switch_tabExecuteClick a link and switch to the newly opened tab
-
playwright_copy_to_clipboardExecuteCopy text to the browser clipboard using the Clipboard API
-
playwright_dragExecuteDrag an element to a target location
-
playwright_drag_to_positionExecuteDrag an element to specific coordinates on the page with smooth animation
-
playwright_fillExecutefill out an input field
-
playwright_handle_dialogExecuteSet up a handler for the next browser dialog (alert, confirm, or prompt). The handler will be called when a dialog appears.
-
playwright_iframe_clickExecuteClick an element in an iframe on the page
-
playwright_iframe_fillExecuteFill an element in an iframe on the page
-
playwright_patchExecutePerform an HTTP PATCH request
-
playwright_postExecutePerform an HTTP POST request
-
playwright_press_keyExecutePress a keyboard key
-
playwright_putExecutePerform an HTTP PUT request
-
playwright_selectExecuteSelect an element on the page with Select tag
-
switch_browser_sessionExecuteSwitch the current active session to a different browser session. All subsequent browser operations will use the switched session.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.