mcp-server

Name: mcp-server
Author: browserstack

by browserstack

Overview

This server acts as a comprehensive testing platform, enabling users to manage, execute, debug, and fix tests for web and mobile applications on BrowserStack's cloud infrastructure using natural language prompts and AI integrations.

Installation

Run Command

node dist/index.js

Environment Variables

BROWSERSTACK_USERNAME
BROWSERSTACK_ACCESS_KEY
REMOTE_MCP
DEV_MODE
USE_OWN_LOCAL_BINARY_PROCESS
BROWSERSTACK_LOCAL_OPTION_PROXYHOST
BROWSERSTACK_LOCAL_OPTION_PROXYPORT
BROWSERSTACK_LOCAL_OPTION_PROXYUSER
BROWSERSTACK_LOCAL_OPTION_PROXYPASS
BROWSERSTACK_LOCAL_OPTION_USECACERTIFICATE
BROWSERSTACK_LOCAL_OPTION_LOCALPROXYHOST
BROWSERSTACK_LOCAL_OPTION_LOCALPROXYPORT
BROWSERSTACK_LOCAL_OPTION_LOCALPROXYUSER
BROWSERSTACK_LOCAL_OPTION_LOCALPROXYPASS
BROWSERSTACK_LOCAL_OPTION_PACFILE
BROWSERSTACK_LOCAL_OPTION_FORCE
BROWSERSTACK_LOCAL_OPTION_FORCELOCAL
BROWSERSTACK_LOCAL_OPTION_ONLYAUTOMATE
BROWSERSTACK_LOCAL_OPTION_VERBOSE
BROWSERSTACK_LOCAL_OPTION_LOGFILE
BROWSERSTACK_LOCAL_OPTION_BINARYPATH
BROWSERSTACK_LOCAL_OPTION_F
BROWSERSTACK_LOCAL_OPTION_EXCLUDEHOSTS

Security Notes

The `runPercyScan` tool executes a user-provided `percyRunCommand` directly, which is a critical command injection vulnerability if user input is not carefully constrained or sanitized. Additionally, `execSync` is used in `src/lib/local.ts` to manage the BrowserStackLocal binary, which poses a lower but still present risk for code execution. While `sanitizeUrlParam` is used for some URL components and `apiClient` performs URL validation, the direct execution of arbitrary commands in `runPercyScan` is a severe risk.

Similar Servers

inspector

1569

Local development and debugging platform for Model Context Protocol (MCP) clients and servers, including proxying MCP server interactions, simulating UI widgets, and facilitating OAuth flows. It enables building, testing, and developing MCP clients and servers.

Other

$Medium