microsoft/playwright-mcp
Minor capabilities, nothing alarming.
AI review
This is a legitimate Microsoft Playwright MCP server extension with no hidden instructions, data exfiltration, or deceptive tool descriptions. The static findings reference standard development and testing patterns (CI environment checks, child_process usage in build scripts) that are expected for a browser automation project. The release instructions and contributing guidelines are transparent about their purpose.
- low: No prompt injection or hidden instructions detected. All instructions in CLAUDE.md, release.md, and CONTRIBUTING.md are standard development workflow documentation for maintaining the Playwright MCP package. No attempts to manipulate the agent or exfiltrate data were found.
- low: Standard development tooling usage. The static findings (child_process.execSync, process.env.CI, process.env.PRINT_ENV) are used in build scripts (roll.js, update-readme.js) and test files (cli.spec.ts, fixtures.ts, library.spec.ts) for legitimate purposes such as version rolling, README generation, and CI test configuration. These are not security risks.
- low: No credential or secret access. The extension does not contain any instructions to read, access, or exfiltrate secrets, credentials, or environment variables beyond standard CI checks. The PRINT_ENV reference in update-readme.js is a debug utility, not a data exfiltration mechanism.
Model: deepseek-chat
Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)
- playwright.config.ts:24 · `forbidOnly: !!process.env.CI,`
- tests/fixtures.ts:83 · `if (process.env.CI && process.platform === 'linux')`
- update-readme.js:186 · `if (process.env.PRINT_ENV) {`

Shell / command execution · Executes shell / system commands
- roll.js:3 · `const { execSync } = require('child_process');`
- tests/cli.spec.ts:16 · `import child_process from 'child_process';`
- tests/library.spec.ts:16 · `import child_process from 'child_process';`
- update-readme.js:21 · `const { execSync } = require('child_process');`
MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.