browser-use

The documented package enables legitimate browser automation but exposes high-risk capabilities: arbitrary JS/Playwright execution and persistent shared browser contexts that preserve authentication state. Without documented authentication, network-binding restrictions, or caller controls, the MCP HTTP endpoint presents a significant attack surface enabling credential theft, internal data access, and data exfiltration. Recommend requiring secure defaults (bind to localhost, require authentication tokens), disabling shared contexts for untrusted callers, auditing/logging, and restricting arbitrary-code execution (use a safe, whitelisted command set) before deploying in environments with sensitive data.