mcp-browser
by bobmatnyc
Overview
Provides browser control (navigation, DOM interaction) and console log capture for AI coding assistants via a local MCP server, with a browser extension and macOS AppleScript as primary control mechanisms.
Installation
mcp-browser mcpEnvironment Variables
- MCP_BROWSER_ENV
- BROWSER_CONTROL_MODE
- APPLESCRIPT_BROWSER
- FALLBACK_ENABLED
- PROMPT_FOR_PERMISSIONS
Security Notes
The server allows execution of arbitrary JavaScript via the browser extension (`eval(code)` in content.js) and arbitrary AppleScript via the AppleScript service (`osascript -e script`). Both 'code' and 'script' inputs originate from the MCP client (likely an LLM). If the LLM or any upstream component is compromised or provides unexpected input, this could lead to arbitrary code execution in the browser's page context (via the extension) or on the local macOS system (via AppleScript). There's no explicit input sanitization or robust sandboxing of these dynamic code injections evident in the provided source for preventing malicious payloads, relying heavily on the trustworthiness of the MCP client's input. The system runs locally on `localhost`, which mitigates remote network exploitation, but local privilege escalation or data exfiltration is a risk.
Similar Servers
chrome-devtools-mcp
Control and inspect a live Chrome browser programmatically via an MCP server, enabling AI coding agents to perform reliable automation, in-depth debugging, and performance analysis.
flowlens-mcp-server
Provides coding agents with full browser context from recorded user flows for debugging and regression testing.
blueprint-mcp
Enable AI assistants and coding agents to control and automate real web browsers (Chrome, Firefox, Opera) through a browser extension, maintaining logged-in sessions and avoiding bot detection.
Chrome-DevTools-MCP
Enables AI coding agents to control and inspect a live Chrome browser for reliable web automation, in-depth debugging, and performance analysis.