browserbase-mcp
Cloud-hosted browser automation. Like playwright-mcp but the browser runs on Browserbase's infrastructure, with persistent sessions, captcha solving, and stealth features.
Worth it when local browser automation hits scaling or detection walls. For most workflows, playwright-mcp local is enough — Browserbase wins for production scrapers and high-volume agentic browsing.
What it does
Wraps Browserbase’s cloud browser API as MCP tools. The agent gets create_session, navigate, click, fill, screenshot, extract_text, solve_captcha (paid tier). Each session runs a real browser on Browserbase’s infrastructure, optionally persisting state across calls.
When you actually need it
If playwright-mcp running locally has hit a wall:
- Scaling. Spinning up 10 browsers locally eats RAM. Spinning up 10 browsers on Browserbase eats your wallet, but doesn’t crash your laptop.
- Bot-detection. Sites that block obvious automation (Playwright’s default user-agent / fingerprint) sometimes accept Browserbase. Not always, but more often.
- Captcha-heavy workflows. Browserbase’s captcha-solving (paid) is the only realistic option short of human-in-the-loop.
- Persistent authenticated sessions. Log in once on Browserbase, reuse the session across multiple agent calls without re-authing.
- Production agents on small infra. Your Lambda or Cloud Run instance doesn’t need to host Chromium.
Setup
"browserbase": {
"command": "npx",
"args": ["-y", "@browserbasehq/mcp"],
"env": {
"BROWSERBASE_API_KEY": "bb_…",
"BROWSERBASE_PROJECT_ID": "…"
}
}
You’ll burn free-tier session-minutes quickly during development. Plan for the paid tier if this is going to production.
The catch
You’re outsourcing the browser. That’s the entire benefit and the entire catch.
- Privacy posture changes. Browserbase sees every URL, every page, every form. For your own SaaS dashboards: usually fine (you’re already trusting Cloudflare, AWS, etc.). For competitor sites or PII-handling sites: read their docs.
- Latency floor. Local browsing has a 50-100ms latency floor on click/navigate. Browserbase adds 100-300ms per call (network round-trip + server processing). For interactive workflows this matters.
- Detection arms race. Sites that fingerprint browser sessions sometimes detect Browserbase IP ranges. Workarounds (residential proxies, paid tiers) help but aren’t guaranteed.
- Vendor lock-in. Migrating from Browserbase to playwright-mcp local is a non-trivial code change because Browserbase exposes session-management primitives that local Playwright doesn’t have built in.
For most teams: start with playwright-mcp local. Move to Browserbase only when you’ve genuinely hit a wall the local version can’t overcome.
FOR: Cloud browser automation where local Playwright has hit scaling, detection, or persistence walls.
Worth it when local hits a wall. For most projects, playwright-mcp local is sufficient and avoids the third-party data flow. Read Browserbase's privacy and retention docs before pointing agents at PII-handling sites.
Browserbase team (Series A startup, well-funded).
Browserbase team maintains; PRs go through Browserbase internal review.
API key + project ID via env. Browserbase's keys are per-project, scoped.
Browser runs in Browserbase's sandbox infrastructure (real isolation between tenants).
Local server doesn't touch host fs; downloads happen on Browserbase side.
Agent navigates anywhere — that's the whole point. Lock down target URLs at the prompt level.
API-key auth, not OAuth.
Cloud browser drives anywhere agent points it. No 'read-only browse' mode.
Same as any browser-driving MCP. Pages can contain hostile DOM. Treat all extracted text as untrusted.
MCP SDK + Browserbase official client + Playwright (for some local fallbacks).
Free tier: limited session minutes; paid tier: per-tier concurrency limits. Burst patterns hit rate limits faster than steady use.
npm package with provenance attestations.
Browserbase logs every session for billing + debugging. Their server-side retention policy applies.
Browserbase's infrastructure (US primarily). Page contents visited flow through their servers.
5 present · human approval optional
clickfillpress_keynavigatesubmit_form
NOT A FORMAL SECURITY AUDIT · Adoption posture based on public-source review · See methodology for what's measured and what isn't