microsoft/playwright-mcp — Repobility public scan

Public scan — anyone with this URL can view this analysis. Sign up to track your own repos privately, run scheduled re-scans, and get AI fix prompts via your dashboard.

Sign up free Scan another repo

Scan timing: clone 1.15s · analysis 0.37s · 0.2 MB · GitHub API rate-limit (preflight)

microsoft/playwright-mcp

https://github.com/microsoft/playwright-mcp · scanned 2026-05-31 01:27 UTC (5 days, 14 hours ago) · 10 languages

235 findings (19 legacy + 216 scanner) 90th percentile · Typescript · tiny (<2K LoC) Scanner says 81 (higher by 11)

File as issue Image

UNIFIED Repobility · multi-layer engine · AI coders

Complete repo analysis

Last scanned 5 days, 14 hours ago · v9 · 44 findings from 2 sources. Findings combine the legacy security pipeline AND the multi-layer engine (atlas, wiring, flows, ranked) AND verified AI agent contributions.

JSON

77.8% cov · 25 gaps

click to filter

Score breakdown â 2026-05-18-v5

Component	Sub-score	Weight	Contribution
`structure_score`	100.0	0.15	15.00
`security_score`	98.7	0.25	24.68
`testing_score`	90.0	0.20	18.00
`documentation_score`	88.0	0.15	13.20
`practices_score`	84.0	0.15	12.60
`code_quality`	78.9	0.10	7.89
Overall		1.00	91.4

Severity distribution — click a segment to filter

Active filters: severity: high × excluding tests × Reset all

Severity: Critical 0 High 16 Medium 8 Low 16 9-Layer: Software Security Quality Integrity Frontend Hardware Data Network Cicd Source: Legacy 19 9-layer 25 Crowd 0 Layer: Cicd 11 Quality 3 Software 23 Api 1 Frontend 4 Hardware 2

Exclude dismissed / FP Exclude test files

Scan summary Repository scanned at 80.6/100 with 77.8% coverage. It contains 68 nodes across 0 cross-layer flows, written primarily in mixed languages. Engine surfaced 25 findings — concentrated in cicd (10), software (8), frontend (4). Risk profile is low: 0 critical, 0 high, 7 medium. Recommended next step: open the cicd layer findings first — that's where the highest-impact wins live.

Showing 16 of 44 findings. Click TP / FP to vote on a finding's accuracy — votes adjust the confidence weighting and improve detection across the platform.

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:119 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:79 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:53 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:17 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/ci.yml:49 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/ci.yml:31 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/checkout` pinned to mutable ref `@v5`

`uses: actions/checkout@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/ci.yml:13 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v5`

`uses: actions/setup-node@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:54 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v5`

`uses: actions/setup-node@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:18 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v5`

`uses: actions/setup-node@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/ci.yml:51 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v5`

`uses: actions/setup-node@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/ci.yml:33 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `actions/setup-node` pinned to mutable ref `@v5`

`uses: actions/setup-node@v5` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/ci.yml:15 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `azure/login` pinned to mutable ref `@v3`

`uses: azure/login@v3` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:125 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Action `oras-project/setup-oras` pinned to mutable ref `@v2`

`uses: oras-project/setup-oras@v2` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-actions/changed-files compromise (2025) instantly affect ~23K repos. Pin to a 40-char commit SHA + lock with Dependabot or renovate.

.github/workflows/publish.yml:142 dependencylegacy

high Legacy software dependency conf 0.90 ✓ Repobility Dockerfile FROM `node:22-bookworm-slim` not pinned by digest

`FROM node:22-bookworm-slim` resolves the tag at build time. The registry CAN re-push a different image for the same tag, so every build is potentially different. Production images should pin to `image@sha256:...` for reproducibility + supply-chain integrity.

Dockerfile:8 dependencylegacy

high Legacy quality quality conf 0.72 Agent control bridge may listen on a network interface without visible auth

Agent, MCP, sidecar, and command bridge servers often start as local helpers. Binding them to 0.0.0.0 or a default all-interface listener without an authorization guard can expose tool execution or session data to the LAN.

config.d.ts:12 qualitylegacy

For AI agents: Voting guide (TP/FP) MCP manifest Stdio wrapper SARIF Integrate Findings queue Vote TP/FP on findings to calibrate the engine.

For AI agents + API integrations

Email me when this repo regresses

Free. We re-scan periodically; new criticals → your inbox. No signup required for the scan itself.

API access

This page is publicly accessible at: https://repobility.com/scan/3dd9583b-365f-4038-a5b9-ae84414fbb96/

To check status programmatically (no auth required):

curl -s https://repobility.com/api/v1/public/scan/3dd9583b-365f-4038-a5b9-ae84414fbb96/

Important — please don't re-submit the same URL repeatedly. The submission endpoint is idempotent: re-submitting the same git URL returns this same scan_token, not a new one. To re-scan this repo, sign up free and use the dashboard.