AgentBoard
by igrigorik
Overview
Integrates AI agents with browser capabilities, enabling interaction with web pages and external Model Context Protocol (MCP) servers through a suite of specialized tools for tasks like content extraction and web automation.
Installation
No command providedSecurity Notes
The system utilizes dynamic user script injection into the MAIN world of web pages via blob URLs. While efforts are made for sanitization (removing `export`, wrapping in IIFE) and Trusted Types support, direct script injection is an inherent security risk. A malicious user script or a vulnerability in the parsing/injection mechanism could lead to browser context compromise. The `fetch_url` tool can perform CORS-bypassing network requests, optionally including user credentials, which is a powerful capability that could be abused by a malicious LLM prompt or a compromised user script. The `parseMetadataObject` function in `script-parser.ts` and metadata extraction in `src/options/webmcp-scripts.ts` use `new Function()` to parse user-provided metadata, which is a risk if malicious JSON or JavaScript is injected there, though contextually limited. No hardcoded secrets were found. API keys are handled via secure browser storage.
Similar Servers
chrome-devtools-mcp
Control and inspect a live Chrome browser programmatically via an MCP server, enabling AI coding agents to perform reliable automation, in-depth debugging, and performance analysis.
mcp-chrome
Transforms the Chrome browser into an AI-controlled automation tool, enabling large language models to interact with web pages, analyze content, and manage browser functions.
mcp-server-browserbase
Enables LLMs to perform cloud browser automation tasks such as navigating, interacting with elements, extracting data, and capturing screenshots on web pages.
brightdata-mcp
Enables AI agents to access, search, extract, and navigate the live web in real-time without being blocked.