Local Chrome via CDP with profile-snapshot isolation and shared-broker multi-client support
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"browser": {
"args": [
"-y",
"browser-mcp-cdp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A Model Context Protocol (MCP) server that drives your real local Chrome via the Chrome DevTools Protocol. Designed for agents that need access to your logged-in sessions (Gmail, internal dashboards, banking, etc.) without uploading credentials to a cloud service.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'browser-mcp-cdp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked browser-mcp-cdp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in browser / developer-tools
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
Manage Supabase projects — databases, auth, storage, and edge functions
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
MCP Security Weekly
Get CVE alerts and security updates for io.github.zhiqi-li/browser-mcp-cdp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A Model Context Protocol (MCP) server that drives your real local Chrome via the Chrome DevTools Protocol. Designed for agents that need access to your logged-in sessions (Gmail, internal dashboards, banking, etc.) without uploading credentials to a cloud service.
Different tradeoffs from the alternatives:
| browser-mcp-cdp | Playwright MCP | Chrome DevTools MCP | |
|---|---|---|---|
| Browser | Your local Chrome | Managed Playwright Chromium | Your local Chrome |
| Login state | ✅ Snapshot of your profile (cookies, logins, IndexedDB) | ❌ Fresh profile | ✅ Real profile (modifies it) |
| Profile isolation | ✅ Copy-on-start, real profile untouched | N/A | ⚠️ Direct attach |
| Multi-client | ✅ Shared broker across MCP clients | ❌ Per-client | ❌ Per-client |
| Dependencies | Node only (no Playwright download) | Playwright + browsers | Node only |
The profile snapshot pattern means you can ask an agent to "check my email" — it sees your Gmail logged in — but the agent's actions never modify your real Chrome profile. Each session gets a disposable copy.
claude mcp add browser -- npx -y browser-mcp-cdp
Or add manually to ~/.claude.json / Claude Desktop config:
{
"mcpServers": {
"browser": {
"command": "npx",
"args": ["-y", "browser-mcp-cdp"]
}
}
}
Requires Node 18+ and Google Chrome installed.
| Tool | Purpose |
|---|---|
browser_navigate | Load a URL, return final URL + title |
browser_evaluate | Run JS in the page, return result |
browser_screenshot | PNG of current page |
browser_click | Click via CSS selector |
browser_click_at | Click at pixel coordinates (pierces iframes / overlays) |
browser_fill | Set value on input/textarea/select |
browser_wait_for | Wait for a selector to appear |
browser_get_url | Current URL |
browser_get_text | Visible text of page or element |
browser_get_html | outerHTML of page or element |
browser_scroll | Scroll by (x, y) pixels |
browser_tabs | List open tabs |
browser_new_tab | Open a new tab |
| Var | Default |
|---|---|
BROWSER_MCP_CHROME_PATH | Auto-detected per OS |
BROWSER_MCP_CHROME_PROFILE_ROOT | OS-standard Chrome profile dir |
BROWSER_MCP_BROKER_SOCKET_PATH | ~/.browser-mcp/broker.sock |
BROWSER_MCP_BROKER_LOCK_PATH | ~/.browser-mcp/broker.lock |
BROWSER_MCP_BROKER_IDLE_TIMEOUT_MS | 600000 (10 min) |
--user-data-dir=<temp> and --remote-debugging-port.BROKER_IDLE_TIMEOUT_MS of no activity; temp profile is deleted.This server lets an LLM execute arbitrary JavaScript in a browser that is logged into your accounts. Only use with models and prompts you trust. Profile snapshotting limits damage (no persistent mutations to your real Chrome), but the agent can read cookies, session tokens, and any data visible to logged-in you for the duration of the session.
MIT