Tracked packageView full profile for browser-tools-mcp →

MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

Compare to another server

npm · browser-tools-mcp1.2.1

Item: browser-tools-mcp
Rating: 4
Author: MCPSafe

Scanned 5/1/2026, 11:36:49 AM·Cached result·Fast Scan·45 rules·View source ↗·How we decide ↗

AIVSS Score

2.8/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packagebrowser-tools-mcp

Version1.2.1

SourceNPM

LicenseMIT

Publishertedjames24

Package age1y 2m

Stars—

Downloads/wk2.9K

Dependencies7

Findings

4 of 4 findings

medium (4)

4 findings

medium (4)

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

async () => {
    return await withServerConnection(async () => {
      try {
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/best-practices-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/best-practices-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

return await withServerConnection(async () => {
      try {
        // Simplified approach - let the browser connector handle the current tab and URL
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/accessibility-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/accessibility-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

async () => {
    return await withServerConnection(async () => {
      try {
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/seo-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/seo-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

return await withServerConnection(async () => {
      try {
        // Simplified approach - let the browser connector handle the current tab and URL
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/performance-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/performance-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

LLM summary— browser-tools-mcp:1.2.1

This package received a B grade with a safety score of 83/100 and carries a moderate AIVSS risk rating of 2.8/10. Four medium-severity ansi_escape_injection vulnerabilities were identified, which could allow attackers to manipulate terminal output or inject malicious escape sequences if user input isn't properly sanitized. While no critical or high-severity issues were found, you should review how this package handles terminal output before deploying it in security-sensitive environments.

Signal scores

CVE check100

Static100

Publisher identity10

Permissions100

Supply chain100

Typosquat100

Package health90

Community82

Injection risks68

Secrets & exfil100

Destructive ops100

LLM judge panel

CVE check

No known CVEs found for this package or its dependencies.

Community trust

No community reports

Security policy: Not found
Advisories: 0

Scan details

Total findings: 4
Affected tools: 0 / 1
Scan type: Fast Scan
Rules run: 45
LLM consensus score: N/A
Scanned: 12d ago
Source: NPM

MCP Server Information

Source: NPM
Package: browser-tools-mcp
Version: 1.2.1
License: MIT
Publisher: tedjames24
Verified: No
Added: 1y 2m ago
Versions: 15
Ecosystem: Node.js / npm
Downloads/wk: 2.9K
Dependencies: 7

AIVSS Score

2.8/ 10Low

Internal score: 83/100

Severity breakdown

Scan Details

Total findings4

Affected tools0 / 1

Scanned12d ago

Scan modeFAST

SourceNPM

Scan IDpubfasta4d7d1f9b066517b0bb1

Want deeper analysis?

Fast scan found 4 findings using rule-based analysis. Upgrade for LLM consensus across 5 judges, AI-generated remediation, and cross-file taint analysis.

View plans Scan another package

Building your own MCP server?

Run this exact engine on your private repo — before users see it on /scan.

Same rules, same LLM judges, same grade. Private scans stay isolated to your account and never appear in the public registry. Required for code your team hasn’t shipped yet.

See plans with Private scans How private scans stay private

4 of 4 findings

medium (4)

4 findings

medium (4)

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

async () => {
    return await withServerConnection(async () => {
      try {
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/best-practices-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/best-practices-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

return await withServerConnection(async () => {
      try {
        // Simplified approach - let the browser connector handle the current tab and URL
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/accessibility-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/accessibility-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

async () => {
    return await withServerConnection(async () => {
      try {
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/seo-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/seo-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

return await withServerConnection(async () => {
      try {
        // Simplified approach - let the browser connector handle the current tab and URL
        console.log(
          `Sending POST request to http://${discoveredHost}:${discoveredPort}/performance-audit`
        );
        const response = await fetch(
          `http://${discoveredHost}:${discoveredPort}/performance-audit`,
          {

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

Report false positive →

1354	async () => {
1355	return await withServerConnection(async () => {
1356	try {
1357	console.log(
1358	`Sending POST request to http://${discoveredHost}:${discoveredPort}/best-practices-audit`
1359	);
1360	const response = await fetch(
1361	`http://${discoveredHost}:${discoveredPort}/best-practices-audit`,
1362	{

357	return await withServerConnection(async () => {
358	try {
359	// Simplified approach - let the browser connector handle the current tab and URL
360	console.log(
361	`Sending POST request to http://${discoveredHost}:${discoveredPort}/accessibility-audit`
362	);
363	const response = await fetch(
364	`http://${discoveredHost}:${discoveredPort}/accessibility-audit`,
365	{

522	async () => {
523	return await withServerConnection(async () => {
524	try {
525	console.log(
526	`Sending POST request to http://${discoveredHost}:${discoveredPort}/seo-audit`
527	);
528	const response = await fetch(
529	`http://${discoveredHost}:${discoveredPort}/seo-audit`,
530	{

440	return await withServerConnection(async () => {
441	try {
442	// Simplified approach - let the browser connector handle the current tab and URL
443	console.log(
444	`Sending POST request to http://${discoveredHost}:${discoveredPort}/performance-audit`
445	);
446	const response = await fetch(
447	`http://${discoveredHost}:${discoveredPort}/performance-audit`,
448	{

1354	async () => {
1355	return await withServerConnection(async () => {
1356	try {
1357	console.log(
1358	`Sending POST request to http://${discoveredHost}:${discoveredPort}/best-practices-audit`
1359	);
1360	const response = await fetch(
1361	`http://${discoveredHost}:${discoveredPort}/best-practices-audit`,
1362	{