mcp-accessibility-scanner

The `browser_evaluate` tool allows arbitrary JavaScript execution within the browser's context. While Playwright provides isolation from the host machine, malicious scripts could still perform actions like data exfiltration from the loaded web page or contribute to browser-level exploits if not carefully sandboxed and monitored by the orchestrating LLM. More critically, the `mdb_push_tools` tool, used in advanced configurations, allows the dynamic loading of additional MCP servers from a specified URL (`mcpUrl`). This presents a significant supply chain risk; if an attacker could coerce an LLM to call `mdb_push_tools` with a malicious or compromised `mcpUrl`, it could lead to the execution of arbitrary code within the Node.js process running this server, potentially compromising the host system. This is a critical vulnerability if the LLM's access to this tool is not severely restricted and monitored. Other network connection capabilities like `remoteEndpoint` and `cdpEndpoint` could also introduce risks if connected to untrusted sources, though these are configuration-dependent.