BrowserStack MCP Server
Official BrowserStack MCP server for browser testing, accessibility scanning, Percy visual testing, test management, and automation
Server Info
- Package: @browserstack/mcp-server
- Registry: npm
- Repository: browserstack/mcp-server
- Maintainer: BrowserStack (Vendor)
- Category: Developer Tools
- Tags: testing, browser, automation
- Last Scanned: 7 Apr 2026
Findings
11 issues
Authentication & Identity
[HIGH] No per-request auth - requires instance-per-user
Stdio-only transport. Requires BROWSERSTACK_USERNAME and BROWSERSTACK_ACCESS_KEY environment variables. These are used for HTTP Basic Auth against the BrowserStack API. Also supports REMOTE_MCP=true for remote mode. No MCP OAuth or SSE support. For multi-tenant deployment, the platform must spawn a separate server instance per user.
Add HTTP/SSE transport to accept per-request Authorization headers, or implement the MCP OAuth spec.
Tool Schema Quality
[MEDIUM] Only 1 of 37 schemas has parameter constraints
Most schemas lack maxLength, enum, or pattern constraints on string parameters.
Add constraints to string parameters, especially on write operations.
[CRITICAL] Dangerous execution surface: setupBrowserStackAutomateTests and related tools execute shell commands/tests on the user's behalf
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
[CRITICAL] Dangerous execution surface: Percy SDK tools modify test files and run commands
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
[CRITICAL] Dangerous execution surface: runAppTestsOnBrowserStack executes test suites
Tool allows raw code/query execution which could be exploited via prompt injection.
Use parameterized queries or validated command sets.
Permission Granularity
[MEDIUM] 2 tools combine read and write operations
No admin/delete operations exposed. Tools are write-heavy, focused on creating test cases, running scans, and setting up SDKs. Several write tools (setupBrowserStackAutomateTests, Percy SDK tools) modify local project files and execute commands, which is a higher risk surface. No mechanism to disable individual tools or restrict to read-only mode. Some tools like percyVisualTestIntegrationAgent and expandPercyVisualTesting modify project files as a side effect.
Split into separate read and write tools.
LLM Safety
[MEDIUM] 2 tool descriptions are too vague
Short or generic descriptions make tool selection unreliable.
Expand descriptions with specific actions, data types, and side effects.
[HIGH] Tool descriptions contain instructional language
Descriptions include directives that could influence LLM behavior beyond tool selection.
Remove instructional language. Descriptions should be purely factual.
Data Exposure
[MEDIUM] 3 list operations lack pagination
fetchAccessibilityIssues has cursor-based pagination support. List tools (listTestCases, listTestRuns, listTestIds) return full result sets without pagination controls exposed to the LLM. Full records are returned without field selection options.
Add limit/offset or cursor-based pagination.
[LOW] No field selection on responses
Responses return full records rather than projected fields.
Implement field selection to return only relevant fields.
Maintenance & Trust
[HIGH] 17 dependency vulnerabilities (2 critical, 11 high)
npm audit found 2 critical and 11 high severity CVEs.
Run `npm audit fix` and update vulnerable dependencies.
Tools
37 total

| Name | Description | Risk |
|---|---|---|
| accessibilityExpert | REQUIRED: Use this tool for any accessibility/a11y/WCAG questions. Do NOT answer accessibility questions directly - always use this tool. | read |
| startAccessibilityScan | Start an accessibility scan via BrowserStack and retrieve a local CSV report path. | write |
| createAccessibilityAuthConfig | Create an authentication configuration for accessibility scans. Supports both form-based and basic authentication. | write |
| getAccessibilityAuthConfig | Retrieve an existing authentication configuration by ID. | read |
| fetchAccessibilityIssues | Fetch accessibility issues from a completed scan with pagination support. Use cursor parameter to get subsequent pages of results. | read |
| setupBrowserStackAutomateTests | Set up and run automated tests on BrowserStack. | write |
| runBrowserLiveSession | Launch a BrowserStack Live session (desktop or mobile). | write |
| runAppLiveSession | Use this tool when user wants to manually check their app on a particular mobile device using BrowserStack's cloud infrastructure. Can be used to debug crashes, slow performance, etc. | write |
| fetchAutomationScreenshots | Fetch and process screenshots from a BrowserStack Automate session | read |
| fetchBuildInsights | Fetches insights about a BrowserStack build by combining build details and quality gate results. | read |
| getFailureLogs | Fetch various types of logs from a BrowserStack session. Supports both automate and app-automate sessions. | read |
| getFailuresInLastRun | Use this tool to debug failures in the last run of the test suite on BrowserStack. Use only when browserstack.yml file is present in the project root. | read |
| percyVisualTestIntegrationAgent | Simulate Percy visual test changes and integration. | write |
| expandPercyVisualTesting | Set up Percy visual testing in the project. | write |
| addPercySnapshotCommands | Add Percy snapshot commands to test files. | write |
| listTestFiles | List test files in the project. | read |
| runPercyScan | Run a Percy visual test scan. Example prompts : Run this Percy build/scan. Never run percy scan/build without this tool | write |
| fetchPercyChanges | Retrieves and summarizes all visual changes detected by Percy AI between the latest and previous builds, helping quickly review what has changed in your project. | read |
| managePercyBuildApproval | Approve or reject a Percy build | write |
| fetchRCA | Retrieves AI-RCA (Root Cause Analysis) data for a BrowserStack Automate and App-Automate session and provides insights into test failures. | read |
| getBuildId | Get the BrowserStack build ID for a given project and build name. | read |
| listTestIds | List test IDs from a BrowserStack Automate build, optionally filtered by status | read |
| fetchSelfHealedSelectors | Retrieves AI-generated, self-healed selectors for a BrowserStack Automate session to resolve flaky tests caused by dynamic DOM changes. | read |
| createProjectOrFolder | Create a project and/or folder in BrowserStack Test Management. | write |
| createTestCase | Use this tool to create a test case in BrowserStack Test Management. | write |
| updateTestCase | Use this tool to update an existing test case in BrowserStack Test Management. Allows editing test case details like name, description, steps, owner, priority, and more. | write |
| listTestCases | List test cases in a project with optional filters (status, priority, custom fields, etc.) | read |
| createTestRun | Create a test run in BrowserStack Test Management. | write |
| listTestRuns | List test runs in a project with optional filters (date ranges, assignee, state, etc.) | read |
| updateTestRun | Update a test run in BrowserStack Test Management. | write |
| addTestResult | Add a test result to a specific test run via BrowserStack Test Management API. | write |
| uploadProductRequirementFile | Upload files (e.g., PDRs, PDFs) to BrowserStack Test Management and retrieve a file mapping ID. This is utilized for generating test cases from files and is part of the Test Case Generator AI Agent in BrowserStack. | write |
| createTestCasesFromFile | Generate test cases from a file in BrowserStack Test Management using the Test Case Generator AI Agent. | write |
| createLCASteps | Generate Low Code Automation (LCA) steps for a test case in BrowserStack Test Management using the Low Code Automation Agent. | write |
| takeAppScreenshot | Use this tool to take a screenshot of an app running on a BrowserStack device. This is useful for visual testing and debugging. | read |
| runAppTestsOnBrowserStack | Run app tests on BrowserStack App Automate. | write |
| setupBrowserStackAppAutomateTests | Set up BrowserStack App Automate testing for the project. | write |