browserbase/mcp-server-browserbase

Minor capabilities, nothing alarming.

Environment variables (config / keys) 5

Filesystem writes 1

AI review

No prompt injection, hidden instructions, data exfiltration, or deceptive tool descriptions found. The extension reads environment variables for legitimate API keys (Browserbase, Gemini) and uses them only for their intended purpose of browser automation. All file operations are limited to the extension's own evaluation/temp files.

low Environment variable access is legitimate — The extension reads BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID, and GEMINI_API_KEY from environment variables. These are standard API credentials required for the stated purpose of cloud browser automation via Browserbase and Stagehand. No code exfiltrates these values to external endpoints beyond the intended Browserbase API.
low File deletion in evals is self-contained — The eval script deletes workflow files after test execution. This is standard cleanup behavior and only operates on files created by the eval process itself, not arbitrary user files.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low evals/run-evals.ts:88 const missingVars = requiredEnvVars.filter((v) => !process.env[v]);

low src/config.ts:24 browserbaseApiKey: process.env.BROWSERBASE_API_KEY ?? "",

low src/sessionManager.ts:27 process.env.GEMINI_API_KEY ||

low src/transport.ts:19 process.env.GEMINI_API_KEY ||

info tests/smoke.test.ts:20 ...process.env,

Filesystem writes · Reads or writes the filesystem

low evals/run-evals.ts:238 await Promise.all(workflowFiles.map((f) => fs.unlink(f)));

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.