Skip to main content
hc
Submit
4 compared

Testing & QA MCP servers compared

Testing and QA MCP servers that let Claude run and inspect test suites, compared on trust, setup, and safety.

Open in the interactive comparison tool
FieldCypress Cloud MCP Server

Official remote MCP server for connecting Claude and other AI coding tools to Cypress Cloud runs, failures, flake data, accessibility reports, and UI Coverage results.

Open dossier 		BrowserStack MCP Server for Claude

Connect Claude to BrowserStack for permission-scoped web, app, accessibility, and test automation workflows.

Open dossier 		Postman MCP Server for Claude

Official Postman MCP Server for connecting Claude, Codex, Cursor, VS Code, Gemini CLI, and other MCP clients to Postman workspaces, collections, specifications, mocks, monitors, environments, API definitions, and code generation workflows.

Open dossier 		WebDriverIO MCP Server

WebDriverIO MCP server that lets Claude automate browsers and mobile apps with navigation, clicks, typing, screenshots, accessibility snapshots, cookies, geolocation, native app sessions, and Appium-style gestures.

Open dossier
Trust
Install riskReview firstReview firstReview firstReview first
Notes Safety Privacy Safety Privacy Safety Privacy Safety Privacy
Categorymcpmcpmcpmcp
Sourcesource-backedsource-backedsource-backedsource-backed
AuthorCypressBrowserStackPostmanWebdriverIO
Added2026-06-062026-06-032026-06-042026-06-06
Platforms
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesCypress Cloud MCP is a remote server hosted by Cypress and authenticated through OAuth or a Cypress MCP personal access token. OAuth sessions and personal access tokens are scoped to the user's Cypress Cloud role and permissions in MCP-enabled organizations. Tools can expose test run status, failed test details, stack traces, flaky test data, Accessibility reports, UI Coverage reports, UI element coverage, and Test Replay links. The `cypress_feedback` tool can send feedback directly to Cypress from the agentic environment; require review before using it in team workflows. Use least-privilege Cypress Cloud roles, revoke OAuth sessions or PATs when no longer needed, and keep tokens out of config files, issues, logs, and screenshots.BrowserStack MCP tools can launch real browser and device sessions, run web and app automation, start accessibility scans, fetch screenshots and logs, and create or update Test Management assets. Access is bounded by the BrowserStack account, plan, product access, and user permissions connected to the MCP server. Use a dedicated account or least-privilege access key when possible. Review prompts before allowing Claude to start sessions, run tests, upload apps, upload PRDs or screenshots, create test cases, update test results, or change BrowserStack project state. BrowserStack Local can expose localhost, staging, VPN, or internal application traffic to BrowserStack's cloud testing infrastructure for the duration of a session. Use it only for approved environments. Test runs, device minutes, accessibility scans, and automation sessions can consume BrowserStack quota or incur account usage. Keep automated loops and retry behavior explicit.Postman MCP can operate on real Postman resources. Treat collection edits, workspace changes, environment updates, monitor changes, mock changes, specification creation, documentation updates, and generated code as review-required operations. Start with the `minimal` remote endpoint when the task only needs basic Postman operations. Use `code` or `full` only after reviewing the broader tool surface and the resources exposed to the assistant. The `full` configuration exposes all available Postman API tools, which Postman documents as 100+ tools. Do not use it by default for exploratory chats or untrusted repositories. Postman recommends reviewing and confirming operations that make changes or are destructive. Require a human check before accepting assistant-generated deletes, bulk updates, monitor edits, mock edits, documentation rewrites, collection rewrites, or spec-to-code changes. Pass specific resource IDs when possible. Postman notes this reduces extra API calls and helps avoid the assistant selecting the wrong workspace, collection, environment, monitor, mock, or specification by name. Local stdio and Docker modes run the Postman MCP server on the user's machine and require a Postman API key. Pin the npm package version or Docker image when reproducibility matters, and keep credentials out of committed MCP configs. EU remote endpoints do not support OAuth according to Postman's docs; use API-key authentication there and verify the region before connecting customer or regulated API assets.WebDriverIO MCP Server can navigate pages, click elements, type values, scroll, switch frames or tabs, execute scripts, set cookies, delete cookies, set geolocation, and capture screenshots. Mobile tools can tap, swipe, drag, rotate devices, hide keyboards, switch native or web contexts, upload apps, and interact with iOS or Android sessions through WebDriverIO-compatible backends. Treat browser and mobile sessions as active automation, not passive inspection; use test accounts and avoid production workflows that can submit forms, trigger purchases, send messages, or mutate customer data. Script execution, cookie mutation, geolocation spoofing, and cloud-device provider integrations should be limited to reviewed test environments. HTTP transport mode can expose automation tools beyond a local stdio process; bind it carefully and require network controls before shared use.
Privacy notesCypress Cloud MCP results can reveal project names, run URLs, branch names, commit context, test names, specs, failure messages, stack traces, Test Replay links, Accessibility findings, DOM selectors, view names, and UI Coverage details. Test failures and replay links may expose application UI, customer-facing flows, internal routes, test data, accessibility issues, or unreleased feature names. Personal access tokens are shown once in Cypress Cloud; store them only in approved secret stores or environment variables and rotate them when exposed. Tool outputs become part of the MCP client and model transcript, so treat Cloud MCP sessions as access to live engineering quality data.BrowserStack may receive URLs, app binaries, test packages, screenshots, videos, console logs, network logs, accessibility scan results, failure logs, Test Management records, and uploaded PRD or screenshot files, depending on the tools invoked. Store `BROWSERSTACK_USERNAME` and `BROWSERSTACK_ACCESS_KEY` in MCP environment configuration or your client's secret-management flow, not in prompts, chat transcripts, or checked-in files. The local MCP server runs on the user's machine and can keep credentials in local environment configuration. The remote MCP option uses OAuth and avoids manually passing an access key to the client. Returned session links, screenshots, logs, test results, and AI-generated fixes can become visible to the connected MCP client and model session.Tool calls can expose Postman workspace metadata, collection names, request URLs, headers, examples, documentation, comments, environments, variable names, API specifications, mocks, monitors, and generated code context to the connected AI client. Environment variables and collection variables may contain credentials, internal hostnames, customer identifiers, test tokens, bearer tokens, session cookies, webhook URLs, or staging API details. Scrub secrets before pasting raw Postman data into prompts, issues, tickets, or chat tools. OAuth grants and Postman API keys represent a real Postman identity. Rotate exposed API keys, remove stale MCP configs, and audit workspace membership when a project or assistant no longer needs access. Claude, Codex, IDE logs, MCP client transcripts, terminal history, screenshots, generated code, and support bundles can retain Postman-derived API details outside Postman's normal access controls. The remote server sends MCP requests to Postman-hosted endpoints. Local stdio and Docker modes still call Postman APIs with the configured API key when managing cloud-hosted Postman resources.Screenshots, accessibility trees, app state, cookies, URLs, page content, form values, device metadata, geolocation, trace artifacts, and generated test code can be visible to the MCP client, model provider, logs, and local files. Browser sessions can inherit logged-in state, cookies, local storage, and private tabs from a test profile if profiles are reused. Mobile testing can expose app screens, notification content, identifiers, credentials, uploaded app binaries, device logs, and cloud-device provider metadata. Keep BrowserStack, Sauce Labs, Appium, application, and test-account credentials in secret storage or MCP environment configuration rather than prompts or repository files.
Prerequisites
  • Cypress Cloud organization with the Cloud MCP integration enabled by an administrator.
  • Cypress Cloud user account with access to the projects, runs, branches, and reports Claude should inspect.
  • MCP client with remote HTTP support and OAuth, or a Cypress Cloud MCP personal access token for clients without OAuth.
  • Cypress Cloud plan/subscriptions for any plan-specific data Claude should use, such as flaky test reporting, Accessibility, or UI Coverage data.
  • BrowserStack account with access to the products and projects you want Claude to use
  • BrowserStack username and access key for local MCP setup, or OAuth access for the remote MCP server
  • Node.js 18+ for the npm package; BrowserStack recommends the current Node.js LTS release
  • Claude Desktop, VS Code, Cursor, Cline, or another MCP-capable client
  • Postman account with access to the workspaces, collections, specifications, mocks, monitors, and environments the assistant should inspect or manage.
  • MCP-capable client such as Claude Code, Claude Desktop, Codex CLI, Cursor, VS Code, Windsurf, Gemini CLI, Kiro, or another compatible environment.
  • Authentication choice: OAuth for the US remote server when the MCP client supports it, or a Postman API key for EU remote, local stdio, Docker, or API-key fallback setup.
  • Tool-mode choice: `minimal` for essential Postman operations, `code` for API-definition search and client-code generation, or `full` for the complete Postman API tool surface.
  • Node.js and npm or another package runner that can execute `@wdio/mcp`.
  • MCP client that can run local stdio servers, or a reviewed HTTP transport setup when using the server's HTTP mode.
  • Local browser, WebDriver, or WebDriverIO-compatible environment for the browser sessions you want Claude to control.
  • Appium, simulator, emulator, device, or cloud-device credentials when using iOS or Android automation.
Install
claude mcp add cypress-cloud https://mcp.cypress.io/mcp --transport http
claude mcp add browserstack --env BROWSERSTACK_USERNAME=YOUR_USERNAME --env BROWSERSTACK_ACCESS_KEY=YOUR_ACCESS_KEY -- npx -y @browserstack/mcp-server@latest
claude mcp add --transport http postman https://mcp.postman.com/minimal
npx -y @wdio/mcp@latest
Config
{
  "mcpServers": {
    "cypress-cloud": {
      "type": "http",
      "url": "https://mcp.cypress.io/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_CYPRESS_MCP_TOKEN"
      }
    }
  }
}
Manual-only setup:
{
  "browserstack": {
    "command": "npx",
    "args": ["-y", "@browserstack/mcp-server@latest"],
    "env": {
      "BROWSERSTACK_USERNAME": "<username>",
      "BROWSERSTACK_ACCESS_KEY": "<access key>"
    }
  }
}
{
  "mcpServers": {
    "postman": {
      "type": "http",
      "url": "https://mcp.postman.com/minimal"
    }
  }
}
{
  "mcpServers": {
    "wdio-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "@wdio/mcp@latest"
      ],
      "type": "stdio"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimed
More comparisons, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.