uplink
by hackafterdark
Overview
Connects local AI agents to a web browser for interaction, control, and debugging.
Installation
python server.pyEnvironment Variables
- UPLINK_DOWNLOAD_DIR
Security Notes
CRITICAL RISK: The extension uses `eval()` to execute arbitrary JavaScript received from the WebSocket server within the browser's context (`extension/content.js` and `extension/background.js`). While the WebSocket connection is local and secured by a hardcoded token, this design allows for arbitrary code execution on any visited website if the local AI agent is compromised, misconfigured, or if the `AUTH_TOKEN` is discovered. This is a severe vulnerability that can lead to XSS, data exfiltration, or complete browser takeover within the user's session. The `AUTH_TOKEN` is also hardcoded in `server.py`, which makes it easily discoverable and reduces the effectiveness of token-based authentication.
Similar Servers
chrome-devtools-mcp
Control and inspect a live Chrome browser programmatically via an MCP server, enabling AI coding agents to perform reliable automation, in-depth debugging, and performance analysis.
mcp-chrome
Transforms the Chrome browser into an AI-controlled automation tool, enabling large language models to interact with web pages, analyze content, and manage browser functions.
mcp
This server provides Hyperbrowser's Model Context Protocol (MCP) interface, offering tools for web scraping, structured data extraction, crawling, and general-purpose browser automation using AI agents like OpenAI's CUA and Anthropic's Claude Computer Use.
flowlens-mcp-server
Provides coding agents with full browser context from recorded user flows for debugging and regression testing.