gemini-webapi-mcp
Provides an MCP server that bridges to Google Gemini for image generation/editing, file analysis (e.g., images/PDFs/videos), and text chat by using Gemini web access authenticated via browser cookies from Chrome (or manually provided cookie values).
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security posture is constrained by the reliance on sensitive session cookies (GEMINI_PSID/GEMINI_PSIDTS) and cookie extraction from a local browser. The approach lacks fine-grained scoping/authorization controls typical of API keys/OAuth. TLS enforcement for network transport is not explicitly documented, but typical HTTPS usage for web interactions is assumed; nonetheless, cookie handling and logging hygiene are critical. Dependencies include curl-cffi, numpy, Pillow, and browser-cookie3; specific CVE status and pinning are not shown in the provided data.
⚡ Reliability
Best When
You control the runtime environment (local machine/dev box), can provide/manage Chrome cookies safely, and want an MCP interface for Gemini capabilities quickly.
Avoid When
You need enterprise-grade security boundaries, audited access control, or you cannot accept dependence on reverse-engineered web interactions and third-party session cookies.
Use Cases
- • MCP-enabled assistants that need Gemini-backed image generation/editing
- • Agents that analyze user-provided files (PDFs, documents, images, videos)
- • Chat and multi-turn conversations with Gemini through MCP clients (e.g., Claude Code/Desktop)
- • Local, developer-run automation that wants to avoid separate API keys by reusing an existing logged-in browser session
Not For
- • Production-grade deployments requiring strong, first-class authentication/authorization controls
- • Teams that cannot store or process sensitive browser cookies
- • Environments needing guaranteed compliance/SLA, predictable uptime, and stable external API contracts
- • Use cases where watermark removal is disallowed or violates policies/laws
Interface
Authentication
Authentication is not an API-key/API-token mechanism; it reuses browser session cookies (or manually provided cookie values). This implies sensitive credential material handling and dependency on Google web session behavior.
Pricing
Project claims 'No API keys. Free' but actual usage limits/costs are determined by the underlying Google account/session and any rate/quotas on the web platform.
Agent Metadata
Known Gotchas
- ⚠ Cookie-based auth may break when Gemini web session changes or cookies expire; agents may need to re-run auth/setup or use a 'reset' tool
- ⚠ Rate limiting/quotas from the underlying Gemini web endpoints are not clearly documented in the provided README; retries may trigger further failures
- ⚠ MCP tool behavior depends on the upstream web workflow; long-running image generation/upscaling may time out and fall back to native resolution
- ⚠ Watermark removal is an additional transformation that may be slow or fail depending on image properties and upstream output format
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for gemini-webapi-mcp.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.