Safer browser automation with a Puppeteer MCP server

A developer built a Puppeteer MCP server designed to enforce safety controls for AI-powered browser automation. The tool allows agents to click, fill forms, run JavaScript, and capture pages, but restricts these actions within explicit boundaries to prevent unsafe behavior. The project is available on GitHub and seeks community input on default-off permissions and security controls for browser automation MCP servers.

Browser automation is one of the most useful abilities for AI agents. It is also one of the easiest places to make a mess. A browser tool can click, fill forms, run JavaScript, capture pages and move through real user flows. That power needs boundaries. That is why I built a Puppeteer MCP server with safety controls in mind. Repo: https://github.com/tecnomanu/puppeteer-server https://github.com/tecnomanu/puppeteer-server What it supports: For agent workflows, I think the main question is not just can the agent browse? The better question is: can it browse inside explicit limits? A browser MCP server should make unsafe behavior harder by default. Useful cases: I am interested in feedback from people building MCP tools. Which browser permissions should be default-off? And what security controls should every browser automation MCP include?