MCP servers for browser automation
MCP servers and tools for browser control, screenshots, crawling, testing, scraping, and web workflow automation with Claude.
MCP servers and tools for browser control, screenshots, crawling, testing, scraping, and web workflow automation with Claude.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
1 trust signal differ across this comparison (Submitter).
| Field | WebDriverIO MCP server that lets Claude automate browsers and mobile apps with navigation, clicks, typing, screenshots, accessibility snapshots, cookies, geolocation, native app sessions, and Appium-style gestures. Open dossier | Browser-control MCP server and CLI that lets AI agents use a real Chrome session, including logged-in browser state, site adapters, DOM snapshots, authenticated fetches, network traces, screenshots, and page actions. Open dossier | Browser automation MCP server and Chrome extension that lets AI applications control a connected tab in the user's existing browser profile. Open dossier | Mozilla-maintained MCP server for automating Firefox through WebDriver BiDi, with tools for page navigation, snapshots, UID-based input, screenshots, network requests, console messages, dialogs, history, viewport changes, optional JavaScript evaluation, privileged Firefox contexts, preferences, and WebExtension. Open dossier | Official Microsoft Playwright MCP server that lets Claude drive a real browser through Playwright's accessibility tree for fast, deterministic web automation and testing. Open dossier |
|---|---|---|---|---|---|
| Next steps | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trust | Package not verified | Package not verified | Package not verified | Package not verified | Package not verified |
| Source provenance | Source-backed | Source-backed | Source-backed | Source-backed | Source-backed |
| SubmitterDiffers | oktofeesh1 | oktofeesh1 | oktofeesh1 | oktofeesh1 | glorydavid03023 |
| Install risk | Review first | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | — | |||
| Category | mcp | mcp | mcp | mcp | mcp |
| Source | Source-backed | Source-backed | Source-backed | Source-backed | Source-backed |
| Author | WebdriverIO | epiral | BrowserMCP | Mozilla | Microsoft |
| Added | 2026-06-06 | 2026-06-06 | 2026-06-05 | 2026-06-06 | 2026-06-02 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓WebDriverIO MCP Server can navigate pages, click elements, type values, scroll, switch frames or tabs, execute scripts, set cookies, delete cookies, set geolocation, and capture screenshots. Mobile tools can tap, swipe, drag, rotate devices, hide keyboards, switch native or web contexts, upload apps, and interact with iOS or Android sessions through WebDriverIO-compatible backends. Treat browser and mobile sessions as active automation, not passive inspection; use test accounts and avoid production workflows that can submit forms, trigger purchases, send messages, or mutate customer data. Script execution, cookie mutation, geolocation spoofing, and cloud-device provider integrations should be limited to reviewed test environments. HTTP transport mode can expose automation tools beyond a local stdio process; bind it carefully and require network controls before shared use. | ✓bb-browser can control a real browser session, inspect pages, click elements, fill inputs, evaluate JavaScript, fetch URLs with browser authentication, capture screenshots, and inspect network traffic. Commands may act as the logged-in user on social, finance, job, developer, shopping, and knowledge websites. Keep the daemon bound to trusted local interfaces unless you deliberately configure remote access through a private network. Review community site adapters before using them with authenticated accounts or valuable sessions. Require human approval before posting, submitting forms, changing account settings, applying to jobs, making purchases, or running destructive site actions. | ✓BrowserMCP can navigate pages, click controls, type text, submit forms, capture screenshots, inspect accessibility snapshots, read console logs, and automate the connected tab. Because it uses the user's real browser profile, logged-in sessions and account permissions may be available to the agent. Require human approval before purchases, messages, account changes, destructive actions, or actions that violate a site's terms. Use a test profile or non-production account for end-to-end testing and repetitive automation. | ✓Browser pages can contain prompt-injection text in visible content, hidden HTML, ARIA labels, console output, network responses, or page metadata. The server can navigate pages, click, hover, fill forms, drag, upload files, accept dialogs, dismiss dialogs, go through history, change viewport size, close tabs, and restart Firefox. Enabling evaluate_script allows arbitrary JavaScript in page context; compromised instructions could read page data, modify the DOM, or interact with accessible browser APIs. Enabling privileged context tools with the required Firefox system-access environment variable can expose privileged Firefox APIs and may extend beyond web-content sandbox boundaries. Connect-existing mode can attach to a real browsing session with cookies, logins, active tabs, history, and saved state, so avoid it unless the profile is dedicated to automation. Accepting insecure certificates weakens TLS validation and can hide man-in-the-middle or misconfiguration signals. | ✓Launches and controls a real browser process that can navigate to arbitrary URLs and submit forms on your behalf. Treat any site the agent visits as untrusted; only allow automation against pages and actions you intend to run. Persisted browser profiles can keep cookies and logged-in sessions between runs, so isolate sensitive accounts. |
| Privacy notes | ✓Screenshots, accessibility trees, app state, cookies, URLs, page content, form values, device metadata, geolocation, trace artifacts, and generated test code can be visible to the MCP client, model provider, logs, and local files. Browser sessions can inherit logged-in state, cookies, local storage, and private tabs from a test profile if profiles are reused. Mobile testing can expose app screens, notification content, identifiers, credentials, uploaded app binaries, device logs, and cloud-device provider metadata. Keep BrowserStack, Sauce Labs, Appium, application, and test-account credentials in secret storage or MCP environment configuration rather than prompts or repository files. | ✓Tab URLs, titles, DOM snapshots, page content, selected elements, screenshots, network requests, responses, console output, traces, and authenticated fetch results may be exposed to the MCP client and model. Browser login state is used by the page and browser; even if cookies are not extracted directly, commands can act through authenticated sessions. Network request bodies and response data may contain tokens, account data, personal messages, search history, customer information, or internal application data. The upstream privacy doc says communication is local and there is no telemetry or external server, but model providers still receive any data your MCP client sends in prompts or tool results. | ✓Connected tab content, screenshots, form fields, console logs, and page state may be exposed to the MCP client and model. Logged-in pages can contain personal data, customer information, credentials, tokens, internal URLs, or private documents. Although the project describes local automation, prompts and tool results still flow through the chosen AI application and model provider. | ✓Page content, DOM snapshots, accessibility labels, console messages, network requests, headers, screenshots, uploaded file paths, extension names, Firefox prefs, and browser logs can be sent to the MCP client and model. A regular Firefox profile can expose cookies, saved sessions, browsing history, account data, extensions, and private tabs to browser automation. Screenshot save paths, uploaded files, downloaded artifacts, and model transcripts can reveal local project names, test data, credentials shown on pages, or customer information. Use a separate profile, minimize enabled capabilities, avoid sensitive sites, and review provider/browser data handling before automating logged-in sessions. | ✓Page content, form input, and accessibility snapshots from visited sites are returned to the model context. Avoid driving the browser through pages that contain production credentials or private user data unless the profile is isolated. |
| Prerequisites |
|
|
|
|
|
| Install | | | | | |
| Config | | | | | |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
WebDriverIO MCP Server
Automate browsers, mobile apps, screenshots, accessibility snapshots, cookies, geolocation, and gestures from Claude with WebDriverIO.
Added 1mo agoSafety ✓ Privacy ✓by WebdriverIO · submitted by oktofeesh1Why it made the cutWebDriverIO MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 02
bb-browser MCP Server
Connect Claude, Codex, Cursor, and other agents to a local Chrome session with bb-browser's MCP mode, local daemon, Chrome extension, 100+ site commands, browser automation tools, and local-only privacy model.
Added 1mo agoSafety ✓ Privacy ✓by epiral · submitted by oktofeesh1Why it made the cutbb-browser MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 03
BrowserMCP Server
Automate real browser tabs from Claude, Cursor, VS Code, Windsurf, and other MCP clients through BrowserMCP.
Added 1mo agoSafety ✓ Privacy ✓by BrowserMCP · submitted by oktofeesh1Why it made the cutBrowserMCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 04
Firefox DevTools MCP
Connect Claude to local Firefox DevTools automation through WebDriver BiDi.
Added 1mo agoSafety ✓ Privacy ✓by Mozilla · submitted by oktofeesh1Why it made the cutFirefox DevTools MCP is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 05
Playwright MCP Server for Claude
Official Microsoft MCP server for browser automation, letting Claude navigate, click, type, and snapshot pages through Playwright's accessibility tree.
Added 1mo agoSafety ✓ Privacy ✓by Microsoft · submitted by glorydavid03023Why it made the cutPlaywright MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06
Chrome MCP Server
Let MCP clients control and inspect a local Chrome browser through the mcp-chrome extension and bridge.
Added 1mo agoSafety ✓ Privacy ✓by hangwin · submitted by oktofeesh1Why it made the cutChrome MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 07
Mobile MCP Server
Automate iOS and Android apps from MCP clients across simulators, emulators, and real devices.
Added 1mo agoSafety ✓ Privacy ✓by mobile-next · submitted by oktofeesh1Why it made the cutMobile MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 08
Windows MCP Server
Automate Windows apps, UI flows, and desktop QA tasks from MCP clients with Windows MCP.
Added 1mo agoSafety ✓ Privacy ✓by CursorTouch · submitted by oktofeesh1Why it made the cutWindows MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 09
Jam MCP Server for Claude
Debug faster with AI agents that access video recordings, console logs, and network requests
Added 10mo agoSafety ✓ Privacy ✓by JamWhy it made the cutJam MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 10
Workato MCP Server for Claude
Access any application, workflows, or data via Workato's integration platform
Added 10mo agoSafety ✓ Privacy ✓by WorkatoWhy it made the cutWorkato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 11
Zapier MCP Server for Claude
Connect to nearly 8,000 apps through Zapier's automation platform
Added 10mo agoSafety ✓ Privacy ✓by ZapierWhy it made the cutZapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 12
Agent Device MCP Server
Inspect and control real app sessions with agent-device MCP tools.
Added 1mo agoSafety ✓ Privacy ✓by Callstack · submitted by oktofeesh1Why it made the cutAgent Device MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 13
Browserbase MCP Server
Give Claude, Cursor, VS Code, and other MCP clients cloud browser automation through Browserbase and Stagehand.
Added 1mo agoSafety ✓ Privacy ✓by Browserbase · submitted by oktofeesh1Why it made the cutBrowserbase MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 14
Zyntra - Temp e-mails MCP
Disposable email inboxes for AI agents and test automation.
Added 2mo agoSafety ✓ Privacy ✓by dd77ssWhy it made the cutZyntra - Temp e-mails MCP is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 15
BrowserStack MCP Server for Claude
Official BrowserStack MCP server for running browser and device testing, fetching automation artifacts, and managing test workflows.
Added 1mo agoSafety ✓ Privacy ✓by BrowserStack · submitted by oktofeesh1Why it made the cutBrowserStack MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 16
Oxylabs MCP Server for Claude
Official Oxylabs MCP: universal scraping, SERP scraping, Amazon scraping & AI extraction from Claude.
Added 1mo agoSafety ✓ Privacy ✓by OxylabsWhy it made the cutOxylabs MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.