puppeteer-mcp-server
Verified Safeby sultannaufal
Overview
Automating browser interactions and web scraping via an MCP server.
Installation
docker compose --env-file .env up -dEnvironment Variables
- API_KEY
Security Notes
The `puppeteer_evaluate` tool allows executing arbitrary JavaScript code in the browser, which is an inherent security risk, even with input validation. The `allowDangerous` flag in `puppeteer_navigate` can also expose the browser to less secure configurations if explicitly enabled. However, the project implements robust security measures including API key authentication, URL, script, and selector safety validations, Helmet.js, CORS, rate limiting, and runs Puppeteer in a sandboxed, non-root Docker environment. Binary image serving is not authenticated but relies on temporary, UUID-based URLs and automatic cleanup.
Similar Servers
firecrawl-mcp-server
Provides web scraping, crawling, search, and structured data extraction capabilities to AI models via the Model Context Protocol.
fetcher-mcp
Fetch web page content using a Playwright headless browser, capable of handling dynamic JavaScript, intelligent content extraction, and parallel URL processing.
fetcher-mcp
Fetches web page content using Playwright headless browser for AI-powered content retrieval.
playwright-mcp-server
Provides a minimal yet robust server for AI agents to automate web browser interactions including navigation, DOM manipulation, and network monitoring, with an emphasis on token-aware outputs.