// SCAN REPORT

Google Flow Browser MCP

17 tools. 10 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

10 can modify or destroy data
7 read-only
17 tools total

Community server · catalogue entry verified 12/06/2026

How to control Google Flow Browser MCP ↓

TOOL MAP

What Google Flow Browser MCP exposes to your agents

Read (7) Write / Execute (9) Destructive / Financial (1)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous Google Flow Browser MCP tools

Financial · High flow_generate_image The tool explicitly states it consumes credits when generating images, making each invocation a financial commitment. Execute · Medium flow_connect This tool launches a browser process, connects via Chrome DevTools Protocol (CDP), and navigates to an external web service. Execute · Medium flow_disconnect This tool terminates an active browser session and cleans up the MCP connection. Execute · Medium flow_discover_ui This tool performs browser automation by navigating to a page and interacting with the DOM to discover UI elements, then updates internal state.

10 of Google Flow Browser MCP's 17 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Google Flow Browser MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Google Flow Browser MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default
{
  "flow_generate_image": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Rate limit write operations
{
  "flow_create_character": {
    "limits": [
      {
        "counter": "flow_create_character_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "flow_account_check": {
    "limits": [
      {
        "counter": "flow_account_check_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Google Flow Browser MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON GOOGLE FLOW BROWSER →

Free to start. No card required.

FULL CATALOGUE

All 17 Google Flow Browser MCP tools

FINANCIAL 1 tools
Financial flow_generate_image ⚠️ CES IMAGES CONSOMMENT DES CRÉDITS. Par défaut (auto_confirm=false): remplit le prompt, sélectionne le modèl
EXECUTE 6 tools
Execute flow_connect Launch Chrome with the configured Google profile, connect CDP, navigate to Google Flow, and verify account. Execute flow_disconnect Close the browser and clean up the MCP connection to Google Flow. Execute flow_discover_ui Navigate to a Google Flow page and discover all interactive elements (buttons, inputs, links, headings). Updat Execute flow_generate_video Set up a video generation in Google Flow. Fills prompt, selects Omni Flash or Veo model, configures settings. Execute flow_use_grid_architect Open Grid Architect in Google Flow, fill theme prompt, shot prompts, engine, ratio, and visual logic settings. Execute flow_use_tool Open any tool by name in Google Flow and optionally fill its configuration parameters.
WRITE 3 tools
Write flow_create_character Create a new character in Google Flow Characters with name and description. Write flow_create_scene Create a new scene in Google Flow Scenes with characters and prompt. Write flow_import_character Import a character from a saved JSON file into Google Flow.
READ 7 tools
Read flow_account_check Verify the logged-in Google account matches the configured expected email (Profile 3). Read flow_download_latest Download the most recently generated file from Google Flow. Read flow_queue_status Check the job queue: active job, pending queue, completed and failed job history. Read flow_screenshot Take a screenshot of the current Google Flow page. Read flow_status Check current connection status: browser connected, Flow page loaded, account verified, job queue state. Read flow_open_characters Open the Google Flow Characters page and list existing characters. Read flow_open_tools_gallery Open the Google Flow Tools Gallery and list available tools.
FAQ

Questions about Google Flow Browser MCP

Can an AI agent move money through the Google Flow Browser MCP server? +

Yes. The Google Flow Browser MCP server exposes 1 financial tools including flow_generate_image. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

How do I prevent bulk modifications through Google Flow Browser MCP? +

The Google Flow Browser MCP server has 3 write tools including flow_create_character, flow_create_scene, flow_import_character. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Google Flow Browser MCP.

How many tools does the Google Flow Browser MCP server expose? +

17 tools across 2 categories: Read, Write. 7 are read-only. 10 can modify, create, or delete data.

How do I enforce a policy on Google Flow Browser MCP? +

Register the Google Flow Browser MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Google Flow Browser MCP tool call.

Deterministic rules across all 17 Google Flow Browser MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON GOOGLE FLOW BROWSER →

Free to start. No card required.

17 Google Flow Browser MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.