browser-devtools-mcp
Verified Safeby serkan-ozal
Overview
This MCP server provides AI coding assistants with comprehensive browser automation and debugging capabilities using Playwright, enabling execution-level and visual debugging for web pages.
Installation
node dist/index.js --transport streamable-http --port 3000Environment Variables
- PORT
- SESSION_IDLE_SECONDS
- SESSION_IDLE_CHECK_SECONDS
- SESSION_CLOSE_ON_SOCKET_CLOSE
- CONSOLE_MESSAGES_BUFFER_SIZE
- HTTP_REQUESTS_BUFFER_SIZE
- BROWSER_HEADLESS_ENABLE
- BROWSER_PERSISTENT_ENABLE
- BROWSER_PERSISTENT_USER_DATA_DIR
- BROWSER_USE_INSTALLED_ON_SYSTEM
- BROWSER_EXECUTABLE_PATH
- OTEL_ENABLE
- OTEL_SERVICE_NAME
- OTEL_SERVICE_VERSION
- OTEL_ASSETS_DIR
- OTEL_INSTRUMENTATION_USER_INTERACTION_EVENTS
- OTEL_EXPORTER_TYPE
- OTEL_EXPORTER_HTTP_URL
- OTEL_EXPORTER_HTTP_HEADERS
- AWS_REGION
- AWS_PROFILE
- AMAZON_BEDROCK_ENABLE
- AMAZON_BEDROCK_IMAGE_EMBED_MODEL_ID
- AMAZON_BEDROCK_TEXT_EMBED_MODEL_ID
- AMAZON_BEDROCK_VISION_MODEL_ID
- FIGMA_ACCESS_TOKEN
- FIGMA_API_BASE_URL
Security Notes
The `run_js-in-sandbox` tool utilizes Node.js `vm.createContext` for code execution, which offers context isolation but is explicitly stated in the documentation as 'NOT a security boundary' and 'intended for trusted automation logic'. It mitigates risks by carefully whitelisting safe built-ins and explicitly blocking dangerous Node.js APIs like `require`, `process`, and `fs`. The `run_js-in-browser` tool executes arbitrary JavaScript within the browser page context using Playwright's `page.evaluate()`, which is an inherent part of browser automation and operates with the permissions of the loaded web page. External API integrations, such as with Figma, rely on sensitive access tokens, which are configured via environment variables to avoid hardcoding.
Similar Servers
playwright-mcp
Provides a Model Context Protocol (MCP) server for LLMs to automate browser interactions using Playwright's accessibility tree, avoiding pixel-based vision models.
chrome-devtools-mcp
Control and inspect a live Chrome browser programmatically via an MCP server, enabling AI coding agents to perform reliable automation, in-depth debugging, and performance analysis.
flowlens-mcp-server
Provides coding agents with full browser context from recorded user flows for debugging and regression testing.
mcp-accessibility-scanner
Automated web accessibility scanning and browser automation using Playwright and Axe-core, enabling LLMs to perform WCAG compliance checks and generate reports.