playwright-mcp-vercel
by HaolongChen
Overview
Provides a REST API endpoint to proxy requests to the Playwright Model Context Protocol (MCP) tool, enabling serverless browser automation.
Installation
node server.jsSecurity Notes
The server directly proxies arbitrary JSON payloads to the `playwright-mcp` tool via an unauthenticated API endpoint (`/mcp`). Crucially, the `server.js` code lacks input validation for the incoming MCP payload, which the `README` explicitly recommends as a security consideration. This allows any caller to execute arbitrary browser automation commands, potentially leading to malicious actions (e.g., unauthorized scraping, resource exhaustion, interaction with sensitive web services if the server has network access). Using `spawn` with `shell: true` can introduce shell injection risks, although in this specific case, the command (`npx playwright-mcp`) is static and user input is passed via stdin, reducing the immediate risk from command construction itself. Without authentication and robust input validation, this server is not safe for public exposure.
Similar Servers
playwright-mcp
Provides a Model Context Protocol (MCP) server for LLMs to automate browser interactions using Playwright's accessibility tree, avoiding pixel-based vision models.
verdex-mcp
AI-first browser automation for Playwright test authoring, enabling AI coding assistants to generate robust, container-scoped, and content-filtered Playwright selectors for end-to-end tests.
playwright-mcp-server
Provides a robust, token-aware Playwright browser automation server for Large Language Models (LLMs) and coding agents to interact with web content, supporting advanced features like anti-detection and multi-page management.
athena-browser-mcp
An MCP server for browser automation that exposes semantic, token-efficient page representations optimized for LLM agents.