Multi-session browser MCP — 15 parallel isolated browsers, 37 tools, stealth, self-improvement.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-anthonybono21-cloud-leapfrog": {
"args": [
"-y",
"leapfrog-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Playwright MCP sends ~14,000 tokens for a content-heavy page like Hacker News. Most of that is noise. Your context window fills up. Your agent gets confused. You pay for it.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'leapfrog-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked leapfrog-mcp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in browser
Browser automation with Puppeteer for web scraping and testing
Self-hosted URL- and file-to-Markdown service for humans and AI agents - web pages, documents, images, audio, YouTube. PWA + REST + MCP + Claude Code skill, Reddit-aware, refreshable share links.
🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.
The Apify MCP server enables your AI agents to extract data from social media, search engines, maps, e-commerce sites, or any other website using thousands of ready-made scrapers, crawlers, and automation tools available on the Apify Store.
MCP Security Weekly
Get CVE alerts and security updates for io.github.anthonybono21-cloud/leapfrog and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Multi-session browser MCP for AI agents.
36 tools. 15 parallel sessions. Stealth. HUD. Self-improvement. Up to 10x fewer tokens.
npm i leapfrog-mcp | Works with Claude Code, Cursor, Windsurf
Playwright MCP sends ~14,000 tokens for a content-heavy page like Hacker News. Most of that is noise. Your context window fills up. Your agent gets confused. You pay for it.
Leapfrog sends ~1,400 tokens. Same page. Same information. Up to 10x less noise.
┌─────────────────────────────────────────────────────┐
│ Playwright MCP │
│ ████████████████████████████████████████ ~14,000 │
│ │
│ Leapfrog │
│ █████ ~1,400 │
└─────────────────────────────────────────────────────┘
tokens per page (Hacker News, real test)
Savings range from 2-10x depending on page complexity. Content-heavy pages see the biggest wins. Dense forms see the smallest. The median across real-world sites is ~4-5x.
npx leapfrog-mcp --doctor # verify everything works
npx leapfrog-mcp --stealth-audit # test all 19 stealth patches
npx leapfrog-mcp --config # print MCP config to paste
Add to ~/.mcp.json (Claude Code) or your editor's MCP config:
{
"leapfrog": {
"command": "npx",
"args": ["-y", "leapfrog-mcp"],
"env": {
"LEAP_MAX_SESSIONS": "15",
"LEAP_TILE": "true",
"LEAP_HUD": "true",
"LEAP_AUTO_CONSENT": "true"
}
}
}
Leapfrog uses playwright-core (15MB) instead of playwright (1.6GB) and does not bundle a browser. Either:
LEAP_CHANNEL=chrome to use your installed Chrome/Chromium (recommended)npx playwright-core install chromium to install the bundled Chromium binaryLEAP_CDP_ENDPOINT to connect to an already-running Chrome instance| Leapfrog | Playwright MCP | agent-browser | |
|---|---|---|---|
| Tokens per page | ~1,200-2,500 | ~3,800-15,000 | ~300 |
| Parallel sessions | 15 | 1 | 1 |
| Session isolation | Yes | No | No |
| Multi-tab / popups | Yes | No | No |
| Network intercept | Yes | No | No |
| Console capture | Yes | Yes | No |
| Stealth / anti-bot | Yes | No | No |
| Smart wait (5 types) | Yes | Basic | No |
| Crash recovery | Yes | No | No |
| Batch actions (100/call) | Yes | No | No |
| Init script injection | Yes | Yes | No |
| Drag / upload / resize | Yes | Yes | No |
| Per-session proxy | Yes | No | No |
| Humanization (opt-in) | Yes | No | No |
| Auth profile reuse | Yes | No | No |
| Cookie persistence | Yes | No | No |
| Page classification (18) | Yes | No | No |
| Session memory | Yes | No | No |
| API intelligence | Yes | No | No |
| Adaptive wait + auto-retry | Yes | No | No |
| CAPTCHA auto-resolve | Yes | No | No |
| Self-improvement (9 dims) | Yes | No | No |
| Record / replay | Yes | No | No |
| Pagination extraction | Yes | No | No |
| Incremental snapshots (diff) | Yes | No | No |
| Stealth self-test CLI | Yes | No | No |
| SSRF protection | Yes | No | No |
Leapfrog ships 19 anti-detection patches enabled by default (LEAP_STEALTH=true). Four modes:
true (default) — all 19 patches activepassive — removes automation signals only (webdriver, HeadlessChrome). Does NOT fake identity (WebGL, fonts, audio). Better for sites where trust matters more than evasion.auto — per-domain EXP3 bandit selects the optimal stealth configuration based on what's worked beforefalse — no stealth patchesThese cover the vectors that fingerprint services like CreepJS and fingerprint-pro actually check: