Is Cloakbrowser free?

Yes, Cloakbrowser is free to use.

How do I install Cloakbrowser?

Cloakbrowser is a local plugin. Install it using npm package: cloakbrowser-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Cloakbrowser safe to use?

Cloakbrowser scored 5.2/10 (moderate risk) in MCP Marketplace's automated security scan. It has 3 high or critical findings to review. It's listed, but review the security report on this page before installing.

What credentials does Cloakbrowser need?

Cloakbrowser requires the following credentials or environment variables: PLAYWRIGHT_MCP_BROWSER_ENGINE, PLAYWRIGHT_MCP_HEADLESS, PLAYWRIGHT_MCP_OUTPUT_DIR, PLAYWRIGHT_MCP_OUTPUT_MODE, CLOAK_PLAYWRIGHT_MCP_CONSOLE_FALLBACK, CLOAK_PLAYWRIGHT_MCP_EXTRA_ARGS, CLOAK_PLAYWRIGHT_MCP_HTTP_HOST, CLOAK_PLAYWRIGHT_MCP_HTTP_PORT, CLOAK_PLAYWRIGHT_MCP_HTTP_ENDPOINT, CLOAK_PLAYWRIGHT_MCP_HTTP_AUTH_TOKEN, CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_BACKEND, CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_IDLE_TTL_MS, CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_MAX. You can find setup instructions on the server detail page.

What AI apps work with Cloakbrowser?

Cloakbrowser uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Cloakbrowser MCP Server

by Swimmwatch

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Playwright MCP-compatible browser automation bridge for CloakBrowser Chromium.

About

Playwright MCP-compatible browser automation bridge for CloakBrowser Chromium.

Security Report

5.2

Moderate5.2Moderate Risk

cloakbrowser-mcp is a well-structured MCP bridge server with strong security practices. Authentication is properly implemented via optional Bearer tokens with timing-safe comparison, code quality is high with comprehensive error handling, and permissions align with its browser automation purpose. A minor observation about environment variable logging in non-sensitive contexts and normal for-purpose network access are the only low-severity findings. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

6 files analyzed · 7 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

process_spawn

Check that this permission is expected for this type of plugin.

system_info

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

Bridge browser engine: cloak or playwright.Optional

Environment variable: PLAYWRIGHT_MCP_BROWSER_ENGINE

Run the browser in headless mode.Optional

Environment variable: PLAYWRIGHT_MCP_HEADLESS

Directory where upstream Playwright MCP writes artifacts.Optional

Environment variable: PLAYWRIGHT_MCP_OUTPUT_DIR

Return snapshots, console logs, and network logs through stdout or files.Optional

Environment variable: PLAYWRIGHT_MCP_OUTPUT_MODE

Patch upstream console message collection for CloakBrowser compatibility.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_CONSOLE_FALLBACK

Comma-separated or JSON array of extra Chromium launch arguments.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_EXTRA_ARGS

Streamable HTTP bind host.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_HOST

Streamable HTTP bind port.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_PORT

Streamable HTTP endpoint path.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_ENDPOINT

Optional Streamable HTTP Bearer token.Required

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_AUTH_TOKEN

Session metadata backend. Only memory is implemented in this release.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_BACKEND

Idle TTL for Streamable HTTP sessions.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_IDLE_TTL_MS

Maximum active Streamable HTTP sessions in one process.Optional

Environment variable: CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_MAX

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-swimmwatch-cloakbrowser-mcp": {
      "env": {
        "PLAYWRIGHT_MCP_HEADLESS": "your-playwright-mcp-headless-here",
        "PLAYWRIGHT_MCP_OUTPUT_DIR": "your-playwright-mcp-output-dir-here",
        "PLAYWRIGHT_MCP_OUTPUT_MODE": "your-playwright-mcp-output-mode-here",
        "PLAYWRIGHT_MCP_BROWSER_ENGINE": "your-playwright-mcp-browser-engine-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_HOST": "your-cloak-playwright-mcp-http-host-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_PORT": "your-cloak-playwright-mcp-http-port-here",
        "CLOAK_PLAYWRIGHT_MCP_EXTRA_ARGS": "your-cloak-playwright-mcp-extra-args-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_ENDPOINT": "your-cloak-playwright-mcp-http-endpoint-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_AUTH_TOKEN": "your-cloak-playwright-mcp-http-auth-token-here",
        "CLOAK_PLAYWRIGHT_MCP_CONSOLE_FALLBACK": "your-cloak-playwright-mcp-console-fallback-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_MAX": "your-cloak-playwright-mcp-http-session-max-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_BACKEND": "your-cloak-playwright-mcp-http-session-backend-here",
        "CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_IDLE_TTL_MS": "your-cloak-playwright-mcp-http-session-idle-ttl-ms-here"
      },
      "args": [
        "-y",
        "cloakbrowser-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

cloakbrowser-mcp

cloakbrowser-mcp is a Model Context Protocol browser automation server that runs upstream @playwright/mcp with the CloakBrowser Chromium binary. It provides Playwright MCP-compatible tools through a thin CloakBrowser bridge for npm and Docker users over stdio or Streamable HTTP.

Documentation: swimmwatch.github.io/cloakbrowser-mcp

Cross-platform checks cover npm on Linux x64/arm64, macOS arm64/x64, and Windows x64 across Node.js 22-26. Docker images are built and smoke-tested for linux/amd64 and linux/arm64.

The server is intentionally thin:

upstream Playwright MCP owns browser tool schemas, descriptions, and responses;
this package generates a Playwright MCP config that points launchOptions.executablePath to CloakBrowser;
the bridge exposes upstream tools unchanged;
the only local tools are cloakbrowser_binary_info and cloakbrowser_bridge_info.

Version compatibility

cloakbrowser-mcp	@playwright/mcp	CloakBrowser	Node.js	Platform
`1.4.0`	`^0.0.76`	`^0.3.32`	`>=22.12`	npm on Linux x64/arm64, macOS arm64/x64, Windows x64; Docker `linux/amd64`, `linux/arm64`
`1.3.0`	`^0.0.75`	`^0.3.31`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.7`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.6`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.5`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.3`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.2`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.1`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.2.0`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.1.0`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.0.2`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.0.1`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local
`1.0.0`	`^0.0.75`	`^0.3.30`	`>=20`	Docker `linux/amd64`, Node.js local

See Version Compatibility for the maintained compatibility table.

Registry visibility

cloakbrowser-mcp publishes server.json to the official MCP Registry. GitHub's github.com/mcp registry is a separate curated discovery surface, so an official MCP Registry release may not appear there immediately.

Verify the current official registry entry and GitHub MCP visibility probe with:

npm run registry:check

Use npm run registry:check:strict only when GitHub MCP listing visibility should be treated as a required release gate.

Run from npm

npx -y cloakbrowser-mcp@latest --help
npx -y cloakbrowser-mcp@latest doctor
npx -y cloakbrowser-mcp@latest doctor --json
npx -y cloakbrowser-mcp@latest
npx -y cloakbrowser-mcp@latest --transport streamable-http --http-port 3000
npx -y cloakbrowser-mcp@latest --transport streamable-http --http-protocol https --https-cert ./cert.pem --https-key ./key.pem

Requires Node.js 22.12 or newer. The first real browser action may download the CloakBrowser binary unless it is already cached. Use doctor for local diagnostics before connecting an MCP client. It checks the Node.js engine, project metadata, upstream Playwright MCP resolution, and CloakBrowser binary metadata without starting the bridge or downloading a browser. The default transport is stdio. Streamable HTTP binds to 127.0.0.1 by default, serves MCP at /mcp, and exposes fixed GET /healthz and GET /readyz probes. Use --http-protocol https with --https-cert and --https-key or --https-pfx for direct TLS. If --http-auth-token is set, the probes require the same Authorization: Bearer ... header as MCP requests. For the complete generated CLI flag reference, see the published CLI Reference.

Run from Docker

docker pull swimmwatch/cloakbrowser-mcp:latest
docker run --rm --init -i \
  -v "$PWD/artifacts:/data" \
  swimmwatch/cloakbrowser-mcp:latest

docker run --rm --init -p 127.0.0.1:3000:3000 \
  -v "$PWD/artifacts:/data" \
  swimmwatch/cloakbrowser-mcp:latest \
  --transport streamable-http --http-host 0.0.0.0 --http-port 3000

curl http://127.0.0.1:3000/healthz
curl http://127.0.0.1:3000/readyz

For direct HTTPS from the container, mount your TLS files and select HTTPS:

docker run --rm --init -p 127.0.0.1:3000:3000 \
  -v "$PWD/artifacts:/data" \
  -v "$PWD/certs:/certs:ro" \
  swimmwatch/cloakbrowser-mcp:latest \
  --transport streamable-http --http-host 0.0.0.0 --http-port 3000 \
  --http-protocol https --https-cert /certs/cert.pem --https-key /certs/key.pem

The Docker image is based on the pinned official Playwright MCP image, installs the bridge under /opt/cloakbrowser-mcp, writes artifacts to /data by default, and is published for linux/amd64 and linux/arm64. The same tags are also published to ghcr.io/swimmwatch/cloakbrowser-mcp.

MCP client configuration

npm

{
  "mcpServers": {
    "cloakbrowser": {
      "command": "npx",
      "args": ["-y", "cloakbrowser-mcp@latest"],
      "env": {
        "PLAYWRIGHT_MCP_OUTPUT_DIR": "/tmp/cloakbrowser-artifacts",
        "PLAYWRIGHT_MCP_HEADLESS": "true"
      }
    }
  }
}

Docker

{
  "mcpServers": {
    "cloakbrowser": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "--init",
        "-i",
        "-v",
        "/tmp/cloakbrowser-artifacts:/data",
        "swimmwatch/cloakbrowser-mcp:latest"
      ]
    }
  }
}

Configuration

Use upstream PLAYWRIGHT_MCP_* variables for browser, artifact, timeout, network, and tool capability settings. Cloak-specific bridge toggles use CLOAK_PLAYWRIGHT_MCP_*. CLI flags are documented in the generated CLI Reference.

Common variables:

Variable	Default	Description
`CLOAK_PLAYWRIGHT_MCP_TRANSPORT`	`stdio`	MCP transport exposed by the bridge: `stdio` or `streamable-http`.
`CLOAK_PLAYWRIGHT_MCP_HTTP_PROTOCOL`	`http`	Streamable HTTP listener protocol: `http` or `https`.
`CLOAK_PLAYWRIGHT_MCP_HTTP_HOST`	`127.0.0.1`	Streamable HTTP bind host.
`CLOAK_PLAYWRIGHT_MCP_HTTP_PORT`	`3000`	Streamable HTTP bind port.
`CLOAK_PLAYWRIGHT_MCP_HTTP_ENDPOINT`	`/mcp`	Streamable HTTP endpoint path.
`CLOAK_PLAYWRIGHT_MCP_HTTP_AUTH_TOKEN`	unset	Optional Bearer token for Streamable HTTP.
`CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_BACKEND`	`memory`	Session metadata backend. Only `memory` is implemented in this release.
`CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_IDLE_TTL_MS`	`3600000`	Idle TTL for Streamable HTTP sessions.
`CLOAK_PLAYWRIGHT_MCP_HTTP_SESSION_MAX`	`32`	Maximum active Streamable HTTP sessions in one process.
`CLOAK_PLAYWRIGHT_MCP_HTTPS_CERT`	unset	TLS certificate PEM path for HTTPS Streamable HTTP.
`CLOAK_PLAYWRIGHT_MCP_HTTPS_KEY`	unset	TLS private key PEM path for HTTPS Streamable HTTP.
`CLOAK_PLAYWRIGHT_MCP_HTTPS_PFX`	unset	TLS PFX/PKCS12 path for HTTPS Streamable HTTP.
`CLOAK_PLAYWRIGHT_MCP_HTTPS_PASSPHRASE`	unset	Passphrase for an encrypted HTTPS key or PFX.
`CLOAK_PLAYWRIGHT_MCP_LOG_LEVEL`	`info`	Streamable HTTP operational log level: `trace`, `debug`, `info`, `warn`, `error`, `fatal`, or `silent`.
`PLAYWRIGHT_MCP_BROWSER_ENGINE`	`cloak`	`cloak` uses CloakBrowser. `playwright` uses the upstream Playwright MCP browser runtime.
`PLAYWRIGHT_MCP_HEADLESS`	`true`	Runs Chromium headless.
`PLAYWRIGHT_MCP_OUTPUT_DIR`	`.playwright-mcp`	Artifact directory for npm usage. Docker defaults to `/data`.
`PLAYWRIGHT_MCP_OUTPUT_MODE`	`stdout`	Upstream output mode, either `stdout` or `file`.
`CLOAK_PLAYWRIGHT_MCP_CONSOLE_FALLBACK`	`true`	Enables the compatibility patch for console messages.
`CLOAK_PLAYWRIGHT_MCP_STEALTH_ARGS`	`true`	Adds CloakBrowser default stealth launch arguments.
`CLOAK_PLAYWRIGHT_MCP_EXTRA_ARGS`	unset	Comma-separated or JSON array of extra Chromium launch arguments.

The old CLOAKBROWSER_MCP_* variables are not supported.

Tools

The upstream Playwright MCP tool list is authoritative. This project does not reimplement or re-document upstream browser schemas in source code.

Local tools:

cloakbrowser_binary_info returns CloakBrowser package, platform, cache, and resolved binary data.
cloakbrowser_bridge_info returns bridge metadata, upstream package/version, and local tool names.

Development

npm install
npm run build
npm test
npm run docker:build
npm run docker:smoke
npm run server:validate
npm run bridge:compare -- cloakbrowser-mcp:dev --report bridge-parity-report.json

Documentation starts at docs/getting-started.md. Contributor material is grouped under docs/contributor-guide.md.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Cloakbrowser MCP Server

About

Security Report

Findings (7)Action required

Permissions Required

What You'll Need

How to Install

Documentation

cloakbrowser-mcp

Version compatibility

Registry visibility

Run from npm

Run from Docker

MCP client configuration

npm

Docker

Configuration

Tools

Development

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Git

Toleno

mcp-creator-python

MarkItDown

FinAgent