microsoft/playwright-mcp
Powerful capabilities — review before trusting.
AI review
This is a legitimate Microsoft Playwright MCP server extension with no deceptive or malicious intent. The static findings show standard development patterns (CI environment checks, child_process usage in build scripts, and test fixtures) that are expected for a browser automation tool. The release instructions and contributing guidelines are transparent about the project's purpose and development workflow.
- low No prompt injection or hidden instructions detected — All instructions in CLAUDE.md and release.md are standard development workflow documentation for maintaining the Playwright MCP package. No attempts to manipulate the agent or exfiltrate data were found.
- low No credential exfiltration risk — The env_access findings (process.env.CI, process.env.PRINT_ENV) are standard CI/CD checks and debug utilities, not attempts to read or exfiltrate secrets. The child_process usage is in build/test scripts (roll.js, update-readme.js, test files) which is expected for a development tool.
- low Tool descriptions match stated purpose — The README and contributing docs accurately describe the extension as a Playwright-based MCP server for browser automation. All code references align with this purpose.
Model: deepseek-chat
Static findings
Environment variables (config / keys) · Reads environment variables (config / API keys)
playwright.config.ts:24
forbidOnly: !!process.env.CI,
tests/fixtures.ts:83
if (process.env.CI && process.platform === 'linux')
update-readme.js:186
if (process.env.PRINT_ENV) {
Shell / command execution · Executes shell / system commands
roll.js:3
const { execSync } = require('child_process');
tests/cli.spec.ts:16
import child_process from 'child_process';
tests/library.spec.ts:16
import child_process from 'child_process';
update-readme.js:21
const { execSync } = require('child_process');
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.