Comparing Five Browser-Focused MCP Servers
Browser automation is one of the most contested categories in the MCP ecosystem. This comparison evaluates five npm-published servers — @agent-infra/mcp-server-browser, @automatalabs/mcp-server-playwright, @browserstack/mcp-server, browser-devtools-mcp, and fetcher-mcp — across security, freshness, adoption, quality, and trust. All five expose distinct workflows: full browser-use agents, Playwright wrappers, cloud device clouds, devtools introspection, and pure fetchers. Scores below come directly from registry metadata, GitHub signals, and static analysis.
Score Breakdown
| Server | Overall | Security | Freshness | Adoption | Quality | Trust | Risk |
|---|---|---|---|---|---|---|---|
@agent-infra/mcp-server-browser | 87.8 | 100 | 100 | 74.0 | 80 | 50 | high |
@automatalabs/mcp-server-playwright | 67.7 | 100 | 40 | 58.4 | 60 | 50 | high |
@browserstack/mcp-server | 62.6 | 100 | 30 | 45.3 | 60 | 50 | high |
browser-devtools-mcp | 63.2 | 100 | 30 | 48.7 | 60 | 50 | low |
fetcher-mcp | 61.9 | 100 | 30 | 42.2 | 60 | 50 | unknown |
Security & Risk
All five servers post a perfect security score of 100, but the underlying risk classification tells a more nuanced story. @agent-infra/mcp-server-browser is flagged with 3 secrets found in its source tree — a serious security concern that operators must investigate before deployment. Despite the perfect security_score, exposed credentials in a published artifact can mean leaked API tokens, test fixtures with real keys, or development environment variables baked into the package. Audit the package contents before granting it network or filesystem access.
Capability footprints also matter. @agent-infra/mcp-server-browser, @automatalabs/mcp-server-playwright, and @browserstack/mcp-server all read and write the filesystem; the first and third also make outbound network calls. browser-devtools-mcp is the most contained — it reports no filesystem or network access, which aligns with its low risk class (the only one in the lineup). fetcher-mcp reports unknown capabilities and unknown risk class, meaning static analysis could not characterize what it does at runtime — treat as untrusted until reviewed.
Adoption & Activity
Weekly download volume diverges sharply from GitHub stars. browser-devtools-mcp leads with 10,843 weekly downloads despite having 0 stars on its repo, suggesting it is being pulled into pipelines without much community visibility. fetcher-mcp (3,263/wk) and @browserstack/mcp-server (2,632/wk) are similarly downloaded-but-unstarred. By contrast, @agent-infra/mcp-server-browser sits inside the ByteDance UI-TARS-desktop repo with 31,960 stars but only 968 weekly downloads — reach is high, direct npm consumption is modest. @automatalabs/mcp-server-playwright has 288 stars and 389 weekly downloads.
Commit recency is where most contenders fall behind. @agent-infra/mcp-server-browser was updated 11 days ago (freshness 100), while @automatalabs/mcp-server-playwright has not seen a commit in 329 days (freshness 40). The remaining three report no commit timestamp at all and score 30 on freshness — a meaningful warning for software wrapping browser engines that ship security patches monthly. Tool surface area also varies wildly: @browserstack/mcp-server exposes 39 tools, @agent-infra/mcp-server-browser exposes 12, and the rest report 0 or null.
Install Commands
npx @agent-infra/mcp-server-browsernpx @automatalabs/mcp-server-playwrightnpx @browserstack/mcp-servernpx browser-devtools-mcpnpx fetcher-mcpRecommendation
Winner on score: @agent-infra/mcp-server-browser (87.8) — backed by a 31.9k-star ByteDance project, freshly committed (11 days), and shipping 12 tools. However, the 3 secrets detected in its package are a blocking issue for any production or credential-sensitive environment. Use it only after auditing and rotating any exposed values, or pin to a vetted commit.
Safer practical pick: browser-devtools-mcp — it is the only server in the comparison with a low risk class, no filesystem or network access reported, and the highest weekly download count (10,843). Its overall score (63.2) is lower because freshness and adoption data are sparse, but its contained capability profile makes it the lowest-blast-radius option for devtools introspection workloads.
For cross-browser cloud testing, @browserstack/mcp-server's 39-tool surface is unmatched, but the high-risk classification and missing freshness data warrant a vendor-trust review before adoption. Avoid @automatalabs/mcp-server-playwright until it sees a maintenance commit (last activity ~11 months ago), and treat fetcher-mcp as unverified until its capability profile can be characterized.