Public scan brief
microsoft/playwright-mcp security scan
Partial no-execution triage for the public Playwright MCP repo. This is a heuristic scan of selected public text files, not a commissioned audit, vulnerability disclosure, or security certification.
Repo: microsoft/playwright-mcp
Score: 32/100 (heuristic)
Snapshot: 6 selected files scanned
Signals: 3 high / 1 medium / 1 low
Top findings
Browser automation MCPs need explicit launch boundaries
The fetched slice produced high-priority review signals around write actions, credential handling, and missing test visibility. A fresh audit would validate the actual tool registration, browser action boundaries, transport exposure, and release gates.
- High: Write actions detected without obvious tool safety annotations.
- High: Credential signals detected without redaction signals.
- High: No obvious tests found in the fetched slice.
- Medium: Remote transport or browser automation exposure should be documented before launch.
Paid handoff
Convert this scan into a fixed-scope review
- Confirm the current repo revision and browser automation surface.
- Map navigation, click, form, session, download, and JavaScript execution boundaries.
- Validate auth, redaction, tool annotations, and tests against real source paths.
- Pay USD $1,000 only after written scope acceptance.