Skip to main content
Browser MCP · mcp · 16 picks

MCP servers for browser automation

MCP servers and tools for browser control, screenshots, crawling, testing, scraping, and web workflow automation with Claude.

Curated by @heyclaude-editors Updated 2026-07-18

MCP servers and tools for browser control, screenshots, crawling, testing, scraping, and web workflow automation with Claude.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

1 trust signal differ across this comparison (Submitter).

Field

WebDriverIO MCP server that lets Claude automate browsers and mobile apps with navigation, clicks, typing, screenshots, accessibility snapshots, cookies, geolocation, native app sessions, and Appium-style gestures.

Open dossier

Browser-control MCP server and CLI that lets AI agents use a real Chrome session, including logged-in browser state, site adapters, DOM snapshots, authenticated fetches, network traces, screenshots, and page actions.

Open dossier

Browser automation MCP server and Chrome extension that lets AI applications control a connected tab in the user's existing browser profile.

Open dossier

Mozilla-maintained MCP server for automating Firefox through WebDriver BiDi, with tools for page navigation, snapshots, UID-based input, screenshots, network requests, console messages, dialogs, history, viewport changes, optional JavaScript evaluation, privileged Firefox contexts, preferences, and WebExtension.

Open dossier

Official Microsoft Playwright MCP server that lets Claude drive a real browser through Playwright's accessibility tree for fast, deterministic web automation and testing.

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustPackage not verifiedPackage not verifiedPackage not verifiedPackage not verifiedPackage not verified
Source provenanceSource-backedSource-backedSource-backedSource-backedSource-backed
SubmitterDiffersoktofeesh1oktofeesh1oktofeesh1oktofeesh1glorydavid03023
Install riskReview firstReview firstReview firstReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandWebDriverIO MCP Server logoWebDriverIO MCP ServerBrowserMCP logoBrowserMCPMicrosoft logoMicrosoft
Categorymcpmcpmcpmcpmcp
SourceSource-backedSource-backedSource-backedSource-backedSource-backed
AuthorWebdriverIOepiralBrowserMCPMozillaMicrosoft
Added2026-06-062026-06-062026-06-052026-06-062026-06-02
Platforms
Harness
Source repo
Safety notesWebDriverIO MCP Server can navigate pages, click elements, type values, scroll, switch frames or tabs, execute scripts, set cookies, delete cookies, set geolocation, and capture screenshots. Mobile tools can tap, swipe, drag, rotate devices, hide keyboards, switch native or web contexts, upload apps, and interact with iOS or Android sessions through WebDriverIO-compatible backends. Treat browser and mobile sessions as active automation, not passive inspection; use test accounts and avoid production workflows that can submit forms, trigger purchases, send messages, or mutate customer data. Script execution, cookie mutation, geolocation spoofing, and cloud-device provider integrations should be limited to reviewed test environments. HTTP transport mode can expose automation tools beyond a local stdio process; bind it carefully and require network controls before shared use.bb-browser can control a real browser session, inspect pages, click elements, fill inputs, evaluate JavaScript, fetch URLs with browser authentication, capture screenshots, and inspect network traffic. Commands may act as the logged-in user on social, finance, job, developer, shopping, and knowledge websites. Keep the daemon bound to trusted local interfaces unless you deliberately configure remote access through a private network. Review community site adapters before using them with authenticated accounts or valuable sessions. Require human approval before posting, submitting forms, changing account settings, applying to jobs, making purchases, or running destructive site actions.BrowserMCP can navigate pages, click controls, type text, submit forms, capture screenshots, inspect accessibility snapshots, read console logs, and automate the connected tab. Because it uses the user's real browser profile, logged-in sessions and account permissions may be available to the agent. Require human approval before purchases, messages, account changes, destructive actions, or actions that violate a site's terms. Use a test profile or non-production account for end-to-end testing and repetitive automation.Browser pages can contain prompt-injection text in visible content, hidden HTML, ARIA labels, console output, network responses, or page metadata. The server can navigate pages, click, hover, fill forms, drag, upload files, accept dialogs, dismiss dialogs, go through history, change viewport size, close tabs, and restart Firefox. Enabling evaluate_script allows arbitrary JavaScript in page context; compromised instructions could read page data, modify the DOM, or interact with accessible browser APIs. Enabling privileged context tools with the required Firefox system-access environment variable can expose privileged Firefox APIs and may extend beyond web-content sandbox boundaries. Connect-existing mode can attach to a real browsing session with cookies, logins, active tabs, history, and saved state, so avoid it unless the profile is dedicated to automation. Accepting insecure certificates weakens TLS validation and can hide man-in-the-middle or misconfiguration signals.Launches and controls a real browser process that can navigate to arbitrary URLs and submit forms on your behalf. Treat any site the agent visits as untrusted; only allow automation against pages and actions you intend to run. Persisted browser profiles can keep cookies and logged-in sessions between runs, so isolate sensitive accounts.
Privacy notesScreenshots, accessibility trees, app state, cookies, URLs, page content, form values, device metadata, geolocation, trace artifacts, and generated test code can be visible to the MCP client, model provider, logs, and local files. Browser sessions can inherit logged-in state, cookies, local storage, and private tabs from a test profile if profiles are reused. Mobile testing can expose app screens, notification content, identifiers, credentials, uploaded app binaries, device logs, and cloud-device provider metadata. Keep BrowserStack, Sauce Labs, Appium, application, and test-account credentials in secret storage or MCP environment configuration rather than prompts or repository files.Tab URLs, titles, DOM snapshots, page content, selected elements, screenshots, network requests, responses, console output, traces, and authenticated fetch results may be exposed to the MCP client and model. Browser login state is used by the page and browser; even if cookies are not extracted directly, commands can act through authenticated sessions. Network request bodies and response data may contain tokens, account data, personal messages, search history, customer information, or internal application data. The upstream privacy doc says communication is local and there is no telemetry or external server, but model providers still receive any data your MCP client sends in prompts or tool results.Connected tab content, screenshots, form fields, console logs, and page state may be exposed to the MCP client and model. Logged-in pages can contain personal data, customer information, credentials, tokens, internal URLs, or private documents. Although the project describes local automation, prompts and tool results still flow through the chosen AI application and model provider.Page content, DOM snapshots, accessibility labels, console messages, network requests, headers, screenshots, uploaded file paths, extension names, Firefox prefs, and browser logs can be sent to the MCP client and model. A regular Firefox profile can expose cookies, saved sessions, browsing history, account data, extensions, and private tabs to browser automation. Screenshot save paths, uploaded files, downloaded artifacts, and model transcripts can reveal local project names, test data, credentials shown on pages, or customer information. Use a separate profile, minimize enabled capabilities, avoid sensitive sites, and review provider/browser data handling before automating logged-in sessions.Page content, form input, and accessibility snapshots from visited sites are returned to the model context. Avoid driving the browser through pages that contain production credentials or private user data unless the profile is isolated.
Prerequisites
  • Node.js and npm or another package runner that can execute `@wdio/mcp`.
  • MCP client that can run local stdio servers, or a reviewed HTTP transport setup when using the server's HTTP mode.
  • Local browser, WebDriver, or WebDriverIO-compatible environment for the browser sessions you want Claude to control.
  • Appium, simulator, emulator, device, or cloud-device credentials when using iOS or Android automation.
  • Node.js 18 or newer.
  • Chrome session, local daemon, and Chrome extension or supported OpenClaw browser path configured according to the upstream README.
  • MCP client such as Claude Code, Codex, Cursor, or another compatible host.
  • Explicit approval to let an agent use the active browser's logged-in state.
  • Node.js installed for the MCP server.
  • Chrome or compatible Chromium browser.
  • BrowserMCP extension installed from the project site.
  • MCP client such as Claude, Cursor, VS Code, Windsurf, or another compatible host.
  • Node.js 20.19.0 or newer.
  • Local Firefox 100 or newer, or an explicit Firefox binary path passed through the documented CLI option.
  • A dedicated Firefox automation profile with no personal cookies, saved passwords, or regular browsing sessions.
  • Optional adb and Firefox for Android setup when using Android automation mode.
  • Node.js 18+ and npx available (verify with: npx --version)
  • Claude Code or Claude Desktop with MCP support
  • Internet access for the first run, which downloads the Playwright browser binaries
Install
npx -y @wdio/mcp@latest
npx -y bb-browser --mcp
npx @browsermcp/mcp@latest
npx -y firefox-devtools-mcp@latest
claude mcp add playwright -- npx @playwright/mcp@latest
Config
{
  "mcpServers": {
    "wdio-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@wdio/mcp@latest"
      ],
      "type": "stdio"
    }
  }
}
{
  "mcpServers": {
    "bb-browser": {
      "command": "npx",
      "args": ["-y", "bb-browser", "--mcp"]
    }
  }
}
{
  "mcpServers": {
    "browsermcp": {
      "command": "npx",
      "args": ["@browsermcp/mcp@latest"]
    }
  }
}
{
  "mcpServers": {
    "firefox-devtools": {
      "command": "npx",
      "args": [
        "-y",
        "firefox-devtools-mcp@latest",
        "--headless",
        "--viewport",
        "1280x720"
      ],
      "env": {
        "START_URL": "about:home",
        "FIREFOX_HEADLESS": "true"
      }
    }
  }
}
{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": [
        "@playwright/mcp@latest"
      ],
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    WebDriverIO MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  2. 02
    Why it made the cut

    bb-browser MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  3. 03
    Why it made the cut

    BrowserMCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  4. 04
    Why it made the cut

    Firefox DevTools MCP is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    Why it made the cut

    Playwright MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  6. 06
    Why it made the cut

    Chrome MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  7. 07
    Why it made the cut

    Mobile MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  8. 08
    Why it made the cut

    Windows MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  9. 09
    Why it made the cut

    Jam MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  10. 10
    Why it made the cut

    Workato MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  11. 11
    Why it made the cut

    Zapier MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  12. 12
    Why it made the cut

    Agent Device MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  13. 13
    Why it made the cut

    Browserbase MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  14. 14
    Why it made the cut

    Zyntra - Temp e-mails MCP is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  15. 15
    Why it made the cut

    BrowserStack MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  16. 16
    Why it made the cut

    Oxylabs MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.