mcp-browser
by bobmatnyc
Overview
Provides browser control (navigation, DOM interaction) and console log capture for AI coding assistants via a local MCP server, with a browser extension and macOS AppleScript as primary control mechanisms.
Installation
mcp-browser mcpEnvironment Variables
- MCP_BROWSER_ENV
- BROWSER_CONTROL_MODE
- APPLESCRIPT_BROWSER
- FALLBACK_ENABLED
- PROMPT_FOR_PERMISSIONS
Security Notes
The server allows execution of arbitrary JavaScript via the browser extension (`eval(code)` in content.js) and arbitrary AppleScript via the AppleScript service (`osascript -e script`). Both 'code' and 'script' inputs originate from the MCP client (likely an LLM). If the LLM or any upstream component is compromised or provides unexpected input, this could lead to arbitrary code execution in the browser's page context (via the extension) or on the local macOS system (via AppleScript). There's no explicit input sanitization or robust sandboxing of these dynamic code injections evident in the provided source for preventing malicious payloads, relying heavily on the trustworthiness of the MCP client's input. The system runs locally on `localhost`, which mitigates remote network exploitation, but local privilege escalation or data exfiltration is a risk.
Similar Servers
chrome-devtools-mcp
Control and inspect a live Chrome browser using AI coding agents for web automation, in-depth debugging, and performance analysis.
mcp
This server provides Hyperbrowser's Model Context Protocol (MCP) interface, offering tools for web scraping, structured data extraction, crawling, and general-purpose browser automation using AI agents like OpenAI's CUA and Anthropic's Claude Computer Use.
flowlens-mcp-server
Provides coding agents with full browser context from recorded user flows for debugging and regression testing.
blueprint-mcp
Enable AI assistants and coding agents to control and automate real web browsers (Chrome, Firefox, Opera) through a browser extension, maintaining logged-in sessions and avoiding bot detection.