npm · server-puppeteer2025.5.12

Evidence

import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";

import { CallToolRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema, } from "@modelcontextprotocol/sdk/types.js";

import puppeteer from "puppeteer";

// Define the tools once to avoid repetition

const TOOLS = [

    {

        name: "puppeteer_navigate",

RemediationAI

The tool 'puppeteer_navigate' uses a generic name that conflicts with reserved MCP browser tools, creating ambiguity and potential routing errors. Rename the tool in the TOOLS array from 'puppeteer_navigate' to 'puppeteer_navigate' is already prefixed, but ensure all tool names consistently use the 'puppeteer_' prefix and verify no aliases or alternate names exist without it. Run `grep -n '"name".*navigate' index.js` to confirm only prefixed variants are registered, then test that the MCP client correctly routes requests to your server's tool without collision.

Evidence

},

            required: ["url"],

        },

    },

    {

        name: "puppeteer_screenshot",

        description: "Take a screenshot of the current page or a specific element",

RemediationAI

The tool 'puppeteer_screenshot' lacks a server-specific prefix, shadowing potential reserved browser tools and causing name collision risks. Change the tool name in the TOOLS array from 'puppeteer_screenshot' to ensure it retains the 'puppeteer_' prefix throughout the definition; verify the name field, handler function, and any client-side references all use the consistent prefixed name. Execute `npm run build && grep -c 'puppeteer_screenshot' dist/index.js` to confirm the prefixed name appears in compiled output, then test tool invocation via the MCP client to verify correct routing.

Evidence

encoded: { type: "boolean", description: "If true, capture the screenshot as a base64-encoded data URI (as text) instead of binary image content. Default false." },

            },

            required: ["name"],

        },

    },

    {

        name: "puppeteer_click",

RemediationAI

The tool 'puppeteer_click' uses a short name without a server-specific prefix, risking collision with reserved or third-party tools. Rename the tool in the TOOLS array to maintain the 'puppeteer_' prefix and update all corresponding handler references and documentation. Verify the fix by running `grep -n '"name".*click' index.js` to ensure only 'puppeteer_click' appears, then invoke the tool via MCP client to confirm it executes without routing ambiguity.

Evidence

const TOOLS = [

    {

        name: "puppeteer_navigate",

        description: "Navigate to a URL",

        inputSchema: {

            type: "object",

            properties: {

RemediationAI

The 'puppeteer_navigate' tool description fails to disclose that it performs arbitrary network requests to user-supplied URLs, a significant side effect with security implications. Expand the description to: 'Navigate to a URL (performs network request to arbitrary destination)' to transparently declare the network side effect. This remediation ensures clients understand the tool can reach any URL and apply appropriate trust boundaries; verify by checking the updated description in the compiled output and confirming it appears in tool listings.

Evidence

const TOOLS = [

    {

        name: "puppeteer_navigate",

        description: "Navigate to a URL",

        inputSchema: {

            type: "object",

            properties: {

RemediationAI

The 'puppeteer_navigate' tool description fails to disclose that it performs arbitrary network requests to user-supplied URLs, a significant side effect with security implications. Expand the description to: 'Navigate to a URL (performs network request to arbitrary destination)' to transparently declare the network side effect. This remediation ensures clients understand the tool can reach any URL and apply appropriate trust boundaries; verify by checking the updated description in the compiled output and confirming it appears in tool listings.

Evidence

},

            required: ["url"],

        },

    },

    {

        name: "puppeteer_screenshot",

        description: "Take a screenshot of the current page or a specific element",

RemediationAI

The 'puppeteer_screenshot' tool description omits that it creates and stores screenshot files on the filesystem, a side effect affecting disk usage and data persistence. Update the description to: 'Take a screenshot of the current page or a specific element (creates/stores files on filesystem)' to disclose the filesystem side effect. This change makes the tool's true behavior transparent to clients; verify by rebuilding and confirming the updated description appears in `ListTools` responses.

RemediationAI

The package.json declares @modelcontextprotocol/sdk version 1.0.1, which has 2 known HIGH-severity CVEs (GHSA-8r9q-7v3j-jr4g and GHSA-w48q-cv73-mx4w). Update the version field in package.json to a patched release (e.g., 1.1.0 or later, depending on availability) and run `npm install` to fetch the secure version. Verify the fix by running `npm audit` to confirm the CVEs are no longer reported and `npm ls @modelcontextprotocol/sdk` to confirm the new version is installed.

Evidence

],

  "scripts": {

    "build": "tsc && shx chmod +x dist/*.js",

    "prepare": "npm run build",

    "watch": "tsc --watch"

  },

  "dependencies": {

RemediationAI

The package.json includes a 'prepare' script that runs `npm run build` on every install, executing arbitrary code during package installation without explicit user consent. Review whether the build step is truly necessary at install time; if not, remove the 'prepare' script and document that users should run `npm run build` manually after install. If the build is necessary, add a comment in package.json explaining why and document it in README.md so reviewers can audit the hook's necessity and contents.

Evidence

# Puppeteer

A Model Context Protocol server that provides browser automation capabilities using Puppeteer. This server enables LLMs to interact with web pages, take screenshots, and execute JavaScript in a real browser environment.

## Components

### Tools

- **puppeteer_navigate**

  - Navigate to any URL in the browser

  - Inputs:

    - `url` (string, required): URL to navigate to

    - `launchOptions` (object, optional): PuppeteerJS LaunchOptions. Default null. If changed and not null, brow

RemediationAI

The MCP manifest and README lack any declaration of authentication or authorization mechanisms, making it unclear whether the server enforces access control or relies on network/host-level security. Add an 'auth' or 'authorization' field to the manifest (or a dedicated section in README.md) explicitly stating the authentication model—e.g., 'No authentication; relies on host-level network isolation' or 'Bearer token required via MCP transport layer'. This remediation allows auditors to understand the security boundary; verify by documenting the auth model in README.md and confirming it matches the actual implementation in index.js.