Playwright MCP

Overview

Playwright MCP is a Model Context Protocol server for browser automation through Playwright. It lets MCP clients interact with web pages using structured accessibility snapshots rather than relying on screenshots or vision models. The README positions MCP as useful for persistent-state, introspective, long-running browser workflows, while suggesting Playwright CLI plus skills for high-throughput coding-agent workflows.

Installation

Standard MCP client config uses the imported stdio transport:

{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": ["@playwright/mcp@latest"]
    }
  }
}

The package can also be run as a standalone HTTP/SSE server with npx @playwright/mcp@latest --port 8931 and then connected by URL http://localhost:8931/mcp. Docker usage is documented with mcr.microsoft.com/playwright/mcp; that image currently supports headless Chromium.

Requirements

The package requires Node.js 18 or newer and an MCP client such as VS Code, Cursor, Windsurf, Claude Desktop, Goose, Junie, or another MCP-compatible client. Browser binaries and system dependencies may need to be installed; the CLI exposes install-browser as a Playwright install passthrough.

Configuration

Configuration can be provided through CLI args, environment variables, or a JSON config file passed with --config. The source review records all documented PLAYWRIGHT_MCP_* variables and the matching CLI flags. Important options cover host/origin controls, file access, browser choice, CDP/remote endpoints, headless mode, HTTP host/port, init scripts, isolated profiles, output files, proxy settings, sandbox mode, shared browser contexts, snapshots, storage state, timeouts, user data directories, viewport size, and optional tool capabilities.

Capabilities

Core tools include browser navigation, page snapshots, clicks, typing, form filling, dialogs, file upload, screenshots, console and network inspection, tab management, waits, resize, select, drag/drop, and unsafe Playwright code execution. Optional capabilities expose configuration lookup, network mocking/state, storage and cookie operations, DevTools annotations/tracing/video controls, coordinate-based vision actions, PDF generation, and test assertion helpers.

Security And Limitations

Playwright MCP is not a security boundary. The docs explicitly warn that origin allow/block lists and secret redaction are convenience guardrails, not complete security controls. File access is restricted to workspace roots by default unless --allow-unrestricted-file-access is enabled. Persistent profiles are single-browser-instance resources and can conflict across concurrent clients; use --isolated or separate --user-data-dir values for parallel clients. Docker currently supports only headless Chromium. Binding the HTTP server to 0.0.0.0 should be limited to trusted environments.