playwright-mcp
by microsoft
Overview
A Model Context Protocol (MCP) server enabling LLMs to automate browser interactions through structured accessibility snapshots, bypassing traditional vision models.
Installation
npx @playwright/mcp@latestEnvironment Variables
- PLAYWRIGHT_MCP_EXTENSION_TOKEN
- DEBUG
Security Notes
The server itself, when running in its default mode, leverages Playwright's sandboxed browser environments. However, the browser extension component, especially when combined with the `--extension` flag and `PLAYWRIGHT_MCP_EXTENSION_TOKEN`, grants an external Model Context Protocol (MCP) client full debugger access to the user's active browser profile. This allows the client to inject arbitrary Chrome DevTools Protocol (CDP) commands, posing a critical risk of full browser compromise, including access to all logged-in sessions and sensitive data. While there's an interactive approval dialog, the token mechanism bypasses this. The explicit configuration options (`allowedOrigins`, `blockedOrigins`) for network requests are noted as *not* a security boundary. Running this tool requires extreme caution and absolute trust in the MCP client and relay server.
Similar Servers
fetcher-mcp
Fetch web page content using a Playwright headless browser, capable of handling dynamic JavaScript, intelligent content extraction, and parallel URL processing.
mcp-accessibility-scanner
Automated web accessibility scanning and browser automation for LLMs, enabling WCAG compliance checks, screenshot capture, and detailed accessibility reports.
qa-use
Provides browser automation and QA testing capabilities for AI agents, including automated tests, session monitoring, and batch execution.
playwright-mcp-server
Provides a minimal yet robust server for AI agents to automate web browser interactions including navigation, DOM manipulation, and network monitoring, with an emphasis on token-aware outputs.