Delv
Official (Anthropic) · Active · 12d699t4.3 · by Anthropic

Puppeteer

Headless browser control for Claude. Screenshots, form filling, scraping, and interacting with pages that require JavaScript.

Safety & Trust

Delv Safety Grade: B

Score 72/100 · assessed 2026-04-22

  • Maintainer: 95
  • Permissions: 35
  • Supply chain: 90
  • Transparency: 90
  • Incidents: 100

Official Anthropic MCP server providing headless Chrome automation through Puppeteer. Maintainer credentials are impeccable and the package is properly distributed via npm with clear documentation. However, the permissions surface is substantial: full browser control means arbitrary network requests, JavaScript execution in a real browser context, and filesystem access for downloads. The browser effectively becomes an unrestricted proxy that can visit any site, execute any client-side code, and exfiltrate data through screenshots or scraping. No sandbox constrains which domains can be visited or what actions can be performed. For automating trusted workflows this is fine, but the attack surface is broad if an adversary can influence the URLs or actions Claude attempts. Supply chain is clean with standard npm distribution and active maintenance in the official MCP servers monorepo.

Lethal Trifecta (prompt-injection exposure)

One of three

  • Private data (reads secrets, credentials, private files): No
  • Untrusted input (ingests web pages, PRs, issues, emails): Yes
  • External comms (can send data outbound): No

Loads and executes arbitrary web pages. Highest-risk untrusted-input vector in the catalogue. Pair with caution.

Green flags

  • Official Anthropic package in main MCP servers repository
  • Distributed via npm with proper versioning and semver
  • Well-documented with clear examples and API reference
  • Active maintenance as part of core MCP server collection
  • No known security incidents or CVEs

Red flags

  • Unrestricted browser can visit any URL, no domain allowlist
  • Full JavaScript execution in browser context enables arbitrary code
  • Screenshots and scraping can exfiltrate sensitive page content
  • Browser downloads write to filesystem without path restrictions
  • No sandbox limiting which sites or actions are permitted
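
For the "no domain allowlist" red flag, an added example (not code from the MCP server or from Delv) of a host allowlist you could enforce in a Puppeteer wrapper you control, using Puppeteer's request interception. `ALLOWED_HOSTS`, `checkNavigation` and `guardPage` are hypothetical names, and the sample hosts are constructed.

```javascript
// Added example: not part of @modelcontextprotocol/server-puppeteer.
// ALLOWED_HOSTS, checkNavigation and guardPage are hypothetical names.
const ALLOWED_HOSTS = ['example.com', 'docs.example.com']; // constructed sample policy

// Decide whether a URL may be loaded. Returns { allowed, reason }.
function checkNavigation(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parser lowercases hosts and normalises odd IPv4 forms
  } catch {
    return { allowed: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'https:') {
    return { allowed: false, reason: `scheme ${url.protocol} not permitted` };
  }
  if (url.username || url.password) {
    return { allowed: false, reason: 'embedded credentials' };
  }
  const host = url.hostname.replace(/\.$/, ''); // drop a trailing root dot
  // After parsing, IPv4 is dotted decimal and IPv6 is bracketed.
  if (host.startsWith('[') || /^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return { allowed: false, reason: 'IP literal, not a named host' };
  }
  // Exact match or a true subdomain; the leading dot stops "evilexample.com".
  const ok = allowedHosts.some((h) => host === h || host.endsWith('.' + h));
  return ok
    ? { allowed: true, reason: 'host on allowlist' }
    : { allowed: false, reason: `host ${host} not on allowlist` };
}

// Enforce the policy on each request a Puppeteer Page lets us intercept
// (navigations and subresources) and record what was refused.
function guardPage(page, allowedHosts = ALLOWED_HOSTS, blocked = []) {
  page.on('request', (req) => {
    const verdict = checkNavigation(req.url(), allowedHosts);
    if (verdict.allowed) return req.continue();
    blocked.push({ url: req.url(), reason: verdict.reason });
    return req.abort('blockedbyclient');
  });
  return page.setRequestInterception(true).then(() => blocked);
}
```

A host allowlist narrows where the browser can go; content on an allowed page is still untrusted input to the model.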

Permissions requested

Browser control, Outbound network, Write files, Shell execute

Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y @modelcontextprotocol/server-puppeteer
Paste into your host's MCP config:
{
  "puppeteer": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-puppeteer"]
  }
}

Review

Puppeteer gives Claude control of a headless Chrome instance. You describe what you want done on a webpage, Claude translates that into browser actions, and you get screenshots or data back. It's the Anthropic-blessed way to automate anything that needs a real browser.

I reach for this when I'm dealing with sites that render content client-side or hide behind login flows. Static scrapers choke on JavaScript-heavy pages, but Puppeteer just runs the JS and waits for the DOM to settle. I've used it to screenshot entire user flows for documentation, fill out repetitive forms on internal tools, and pull data from dashboards that don't offer APIs. The fact that Claude can see what's on the page and adapt its clicks makes it far more forgiving than writing brittle Selenium scripts.

The setup is trivial if you're on Claude Desktop. One config block, and you're done. It spins up a fresh browser session per task, which keeps things clean but means you can't easily persist login state across conversations. If you need to stay logged in, you'll be passing cookies or session tokens manually.

Performance is fine for ad-hoc tasks. For anything you'd run in a loop or on a schedule, you're better off writing a proper script. Claude's interpretation layer adds latency, and you're limited by how well you can describe what you want. Complex workflows with lots of conditional logic get messy fast.

The official status matters here. This isn't some third-party wrapper that might break when Anthropic tweaks the protocol. It's maintained alongside the MCP spec itself, so it's as stable as this ecosystem gets. That said, it's still early days for MCP, so expect the occasional rough edge.

If you're already comfortable with Puppeteer's API, this won't feel like magic. It's just a way to let Claude drive the same tool. The win is speed: you describe the task in plain English instead of writing selectors and wait conditions. For one-off browser automation, that's a genuine time-saver.

Verdict

Install this if you ever need to automate browser tasks without writing code. It's the fastest way to screenshot flows, scrape JS-heavy sites, or fill forms. Skip it if you're already scripting Puppeteer directly and don't need the conversational layer.

Good at

  • Official Anthropic server, so it's maintained alongside the MCP spec and won't break unexpectedly.
  • Handles JavaScript-rendered content that static scrapers miss entirely.
  • Zero-config install on Claude Desktop - one command and you're running.
  • Claude can adapt to page changes on the fly instead of failing on a missing selector.
  • Genuinely faster than writing throwaway Puppeteer scripts for one-off tasks.

Watch out

  • Doesn't persist browser sessions, so you'll re-authenticate for every new task.
  • Conversational overhead makes it slower than scripted automation for repetitive jobs.
  • Some sites block headless browsers, and there's no easy way to configure stealth mode.
  • Complex workflows with lots of branching logic get awkward to describe in natural language.

Use cases

  • Screenshotting a flow for bug reports
  • Filling out web forms repeatedly
  • Scraping JS-rendered sites
  • Testing your own site visually

Getting started

1. Run `npx -y @modelcontextprotocol/server-puppeteer` in your terminal to verify the package installs cleanly.
2. Add the config snippet to your Claude Desktop or Claude Code MCP settings file (usually in `~/Library/Application Support/Claude/` on macOS).
3. Restart Claude, then ask it to 'take a screenshot of example.com' to confirm Puppeteer is connected.
4. Watch out for sites with aggressive bot detection - Puppeteer runs in headless mode by default, which some services block.
5. If you need to interact with authenticated pages, you'll need to pass session cookies or tokens explicitly in your prompts.

Works with

Claude Desktop, Claude Code, Cursor
