browserbase/mcp-server-browserbase

Minor capabilities, nothing alarming.

Environment variables (config / keys) 5

Filesystem writes 1

AI review

This is a legitimate MCP server for browser automation using Browserbase and Stagehand. The code accesses environment variables (API keys) only for their intended purpose of authenticating with the Browserbase and Gemini APIs, and there are no hidden instructions, prompt injections, or data exfiltration mechanisms.

low Environment variable access is legitimate — The code reads BROWSERBASE_API_KEY, BROWSERBASE_PROJECT_ID, and GEMINI_API_KEY from environment variables, which is expected for a browser automation service that requires API authentication. No code sends these values to unauthorized endpoints.
low File deletion in eval scripts is expected behavior — The eval script deletes temporary workflow files after evaluation, which is standard cleanup and not a security concern.

Model: deepseek-chat

Static findings

Environment variables (config / keys) · Reads environment variables (config / API keys)

low evals/run-evals.ts:88 const missingVars = requiredEnvVars.filter((v) => !process.env[v]);

low src/config.ts:24 browserbaseApiKey: process.env.BROWSERBASE_API_KEY ?? "",

low src/sessionManager.ts:27 process.env.GEMINI_API_KEY ||

low src/transport.ts:19 process.env.GEMINI_API_KEY ||

info tests/smoke.test.ts:20 ...process.env,

Filesystem writes · Reads or writes the filesystem

low evals/run-evals.ts:238 await Promise.all(workflowFiles.map((f) => fs.unlink(f)));

Scanning every extension your team installs?

Pro & Team add monitoring, private scans, and a CI gate for unsafe extensions.

MCPVet is a heuristic aid, not a security guarantee. A clean grade does not prove an extension is safe; always review code and instructions you don't trust.