Browser

63 tools. 36 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

36 can modify or destroy data
27 read-only
63 tools total

Community server · catalogue entry verified 30/06/2026

How to control Browser ↓

What Browser exposes to your agents

Read (27) Write / Execute (34) Destructive / Financial (2)
Critical Risk

The most dangerous Browser tools

36 of Browser's 63 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Browser

PolicyLayer is an MCP gateway — it sits between your AI agents and Browser, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "browser_console_clear": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "browser_close_page": {
    "limits": [
      {
        "counter": "browser_close_page_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "browser_console_get": {
    "limits": [
      {
        "counter": "browser_console_get_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Browser — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON BROWSER →

Instant setup, no code required.

All 63 Browser tools

EXECUTE 32 tools
Execute browser_click Click an element on the page using Playwright selector (see browser_docs) Execute browser_console_start Start capturing browser console logs (console.log, console.error, console.warn, etc.) (see browser_docs) Execute browser_control_media Control a media element (play, pause, seek, mute) (see browser_docs) Execute browser_evaluate Execute JavaScript in the browser context (see browser_docs) Execute browser_focus Focus an element (see browser_docs) Execute browser_go_back Navigate back in history (see browser_docs) Execute browser_go_forward Navigate forward in history (see browser_docs) Execute browser_hover Hover over an element (see browser_docs) Execute browser_mouse_click Click the mouse at specific coordinates or on current position (see browser_docs) Execute browser_mouse_drag Drag from one position to another (see browser_docs) Execute browser_mouse_move Move the mouse to specific coordinates (see browser_docs) Execute browser_mouse_wheel Scroll the mouse wheel (see browser_docs) Execute browser_navigate Navigate to a URL in the browser (see browser_docs) Execute browser_net_emulate_conditions Emulate network conditions (throttling) (see browser_docs) Execute browser_net_set_request_blocking Block requests matching URL patterns (see browser_docs) Execute browser_net_start_monitoring Start monitoring network requests with detailed timing (see browser_docs) Execute browser_net_stop_monitoring Stop network monitoring and clear request log (see browser_docs) Execute browser_new_page Open a new browser page (tab) (see browser_docs) Execute browser_perf_start_coverage Start tracking CSS and JavaScript code coverage (see browser_docs) Execute browser_perf_start_profile Start CPU profiling to track JavaScript execution (see browser_docs) Execute browser_perf_stop_profile Stop CPU profiling and get profile data (see browser_docs) Execute browser_press_key Send a keyboard event (press a key) (see browser_docs) Execute browser_reload Reload the current page (see browser_docs) Execute browser_resize_window Resize the browser window (useful for testing responsiveness) (see browser_docs) Execute browser_scroll Scroll the page (see browser_docs) Execute browser_sec_stop_csp_monitoring Stop CSP monitoring and clear violations (see browser_docs) Execute browser_select Select options in a dropdown (see browser_docs) Execute browser_start_video_recording Start recording browser session as video (see browser_docs) Execute browser_switch_page Switch to a different browser page (tab) (see browser_docs) Execute browser_type Type text into an input field (see browser_docs) Execute browser_wait Pause execution for a duration (see browser_docs) Execute browser_wait_for_selector Wait for an element to appear on the page (see browser_docs)
READ 27 tools
Read browser_console_get Get all captured console logs since browser_console_start was called (see browser_docs) Read browser_docs Get detailed documentation, return values, examples, and caveats for any browser tool Read browser_get_audio_analysis Analyze audio output for a duration to detect sound vs silence and frequencies (see browser_docs) Read browser_get_dom Get the full DOM structure or specific element data (see browser_docs) Read browser_get_media_summary Get a summary of all audio and video elements on the page (see browser_docs) Read browser_get_text Get text content from an element (see browser_docs) Read browser_health_check Check if the browser is running and accessible on port 9222 (see browser_docs) Read browser_list_pages List all open browser pages (tabs) (see browser_docs) Read browser_net_export_har Export full network activity log in HAR format (see browser_docs) Read browser_net_get_requests Get captured network requests with timing breakdown (see browser_docs) Read browser_net_get_websocket_frames Get WebSocket frames for inspecting real-time communication (see browser_docs) Read browser_perf_get_heap_usage Get current JavaScript heap usage statistics (see browser_docs) Read browser_perf_get_metrics Get runtime performance metrics (DOM nodes, event listeners, JS heap) (see browser_docs) Read browser_perf_get_performance_metrics Get web vitals and navigation timing (FCP, LCP, CLS, TTFB) (see browser_docs) Read browser_perf_stop_coverage Stop coverage and get results showing used vs unused code (see browser_docs) Read browser_perf_take_heap_snapshot Capture heap snapshot for memory analysis (see browser_docs) Read browser_read_page Read the content and metadata of the current page (see browser_docs) Read browser_screenshot Take a screenshot of the current page (see browser_docs) Read browser_sec_detect_mixed_content Detect mixed content warnings (HTTPS page loading HTTP resources) (see browser_docs) Read browser_sec_get_certificate_info Get TLS/SSL certificate details for HTTPS sites (see browser_docs) Read browser_sec_get_csp_violations Get captured CSP violations (see browser_docs) Read browser_sec_get_security_headers Inspect security-related HTTP headers (see browser_docs) Read browser_sec_start_csp_monitoring Monitor Content Security Policy violations (see browser_docs) Read browser_storage_get_cache_storage List Cache Storage API caches and their entries (see browser_docs) Read browser_storage_get_indexeddb Inspect IndexedDB databases and their data (see browser_docs) Read browser_storage_get_service_workers Get service worker registrations and their state (see browser_docs) Read browser_storage_unregister_service_worker Unregister a service worker (see browser_docs)

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Browser

Can an AI agent delete data through the Browser MCP server? +

Yes. The Browser server exposes 2 destructive tools including browser_console_clear, browser_storage_delete_cache. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Browser? +

The Browser server has 2 write tools including browser_close_page, browser_stop_video_recording. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Browser.

How many tools does the Browser MCP server expose? +

63 tools across 4 categories: Destructive, Execute, Read, Write. 27 are read-only. 36 can modify, create, or delete data.

How do I enforce a policy on Browser? +

Register the Browser MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Browser tool call.

Deterministic rules across all 63 Browser tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

63 Browser tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.