Show HN: Browser MCP – Automate your browser using Cursor, Claude, VS Code

Original Article ↗ Hacker News Discussion ↗

What MCP Is (and Isn’t)

  • Several comments frame MCP as an interface layer: to AI what REST is to web APIs or “containers for tools” – standardizing how LLMs call tools.
  • Some see it as incremental over existing function-calling / JSON-schema patterns rather than a game-changer; main value is standardization and ecosystem traction.
  • Others argue its importance comes from broad adoption across clients and servers and its fit for “agentic process automation” rather than classic RPA.
  • Confusion persists; multiple replies explain MCP as a protocol that exposes tools (like browser actions) for LLMs to invoke, not the agent itself.

Browser MCP vs Playwright/Puppeteer & Prior Art

  • Browser MCP is explicitly described as an adaptation of Microsoft’s Playwright MCP, but targeting the user’s real browser session instead of fresh instances.
  • Advantages cited: reuse of existing cookies/profile, reduced bot detection, and added tools (e.g., console logs) geared to debugging and local workflows.
  • Puppeteer MCP struggles because the model often invents invalid CSS selectors; Playwright’s role-based locators plus ARIA/accessibility tree snapshots are seen as more robust.
  • Some note many earlier “LLM controls browser” projects exist; others respond that none achieved wide adoption and that aligning with MCP is the noteworthy part.

Extension vs Remote Debugging & Platform Support

  • The extension approach is favored for usability (no CLI flags) and for avoiding the security risks of exposing Chrome DevTools Protocol on a local port.
  • One thread strongly critiques exposing CDP as “keys to the kingdom” even locally, due to lack of auth and full cross-origin access.
  • Browser MCP currently works only with Chromium (via CDP). Firefox support is blocked by missing WebDriver BiDi access for extensions.

Privacy, Telemetry & Security

  • The “private/local” claim is challenged: while browsing stays local, DOM/context is still sent to the LLM and any enabled tools.
  • Some suggest the marketing should more explicitly warn non‑technical users that “all browsing data” relevant to tasks may be exposed to clients/tools.
  • A critical comment reveals the extension sends anonymous telemetry to PostHog/Amplitude; this triggers a long debate about surveillance, opt‑in analytics, and trust in extensions.
  • Separate threads raise broader MCP security risks (tool poisoning, untrusted MCP servers), comparing it to NPM’s supply‑chain issues.

Bot Detection, CAPTCHAs & Robots.txt

  • A key selling point (“avoids bot detection”) is disputed: users report being blocked or given more CAPTCHAs when automating with their own session.
  • Discussion highlights that modern anti‑bot systems use many signals (click speed, mouse movement, patterns), and that using a real profile is not a silver bullet.
  • Philosophical debate arises: some argue heavy automation worsens the web for humans, others say current captchas/Cloudflare already make it worse and that user‑side automation is justified.
  • Question of robots.txt is raised; some argue this isn’t a web crawler and thus not clearly subject to it.

Use Cases, Reliability & Limitations

  • Positive reports: it works smoothly in Claude Desktop/VS Code for simple tasks, debugging local/staging frontends, and leveraging authenticated sessions.
  • Examples include automating reimbursements, summarizing one’s own HN upvotes then picking news, and general form/navigation tasks.
  • Failures: flaky behavior on complex UIs like Google Sheets (unreliable clicking/typing, lag vs user permission prompts), keyboard events issues, and platform-specific bugs on Windows/Linux.
  • Commenters suggest domain‑specific MCPs (e.g., dedicated Google Sheets connectors) as more reliable than generic browser automation for rich apps.

MCP Hype, Standardization & Skepticism

  • Some see MCP as a “JS Trojan horse” or vendor‑driven trend pushed before LLMs are reliable enough, comparing it to crypto hype.
  • Others are enthusiastic about MCP as a unifying layer that lets LLMs act as “user agents” over today’s human‑oriented web, at least in this brief window before platforms lock it down further.