blueprint-mcp

The server's core functionality involves executing arbitrary JavaScript in the browser context (`Runtime.evaluate`) and performing privileged browser actions, which is inherently powerful and carries risk if the AI agent or MCP client is compromised. By default, the server only accepts local WebSocket connections (localhost:5555), limiting direct network exposure for the free tier. PRO mode uses OAuth for authentication to a cloud relay. The browser extension requires explicit user action to connect. Token decoding for user info on the local server does not validate JWT signatures, which is a minor concern but likely relies on the PRO relay for full validation. The use of `child_process.exec` to open a browser for OAuth flow is controlled, opening a predefined URL. Overall, the project acknowledges and attempts to mitigate risks through local-only defaults and explicit user/authentication steps, but its powerful nature means high trust in the connecting AI client is required.