cdpilot

cdpilot is a CLI for local browser automation using Chrome DevTools Protocol (CDP), offering many browser-control commands (navigation, clicking, typing, screenshots/PDF, console/network/diagnostics, network throttling/proxy, request interception, device emulation, geolocation, cookies/storage, tabs, etc.). It also advertises an MCP server/tool mode so AI agents can invoke the CLI. It launches an isolated browser profile/session locally and communicates with the browser over local CDP endpoints (127.0.0.1 by default).

Evaluated Mar 30, 2026 (0d ago)
Homepage ↗ Repo ↗ DevTools ai-agent automation browser-automation cdp cli mcp model-context-protocol web-scraping web-testing screenshot pdf network-interception device-emulation debugging accessibility zero-dependency
⚙ Agent Friendliness
52
/ 100
Can an agent use this?
🔒 Security
52
/ 100
Is it safe for agents?
⚡ Reliability
22
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
45
Documentation
70
Error Messages
0
Auth Simplicity
95
Rate Limits
0

🔒 Security

TLS Enforcement
80
Auth Strength
30
Scope Granularity
10
Dep. Hygiene
85
Secret Handling
70

Strengths (from README): isolated browser profile (~/.cdpilot/profile), CDP listens on 127.0.0.1 by default (no remote connections by default), warnings about safer selector handling (JSON-escaped selectors), claims of path traversal protection for screenshot filenames, and local-only execution/privacy-first. Gaps/unknowns: no explicit secrets management guidance beyond local profile; no authentication/authorization model because it’s local CLI; dependency list is empty in the provided manifest but the underlying implementation details/dependency scan are not verifiable from the provided data; TLS is relevant only if any local HTTP/WebSocket is exposed, which is not clearly documented—score reflects that remote exposure is discouraged but not fully specified.

⚡ Reliability

Uptime/SLA
0
Version Stability
40
Breaking Changes
30
Error Recovery
20
AF Security Reliability

Best When

You want a lightweight, local, CLI-first CDP automation tool (optionally callable as an MCP tool) for agent-driven browsing, screenshots/PDFs, and debugging with minimal dependencies.

Avoid When

You need a formally specified HTTP/SDK API with strong error codes, explicit rate-limit policies, and documented retry/idempotency semantics; or you require enterprise authentication/authorization controls beyond local execution.

Use Cases

  • AI agent/browser tool-use for web navigation and interaction
  • Automated QA/testing of web flows via CDP without heavy browser automation frameworks
  • Debugging and diagnostics (console/network/perf/screenshots) for web pages
  • Web scraping workflows that require deterministic DOM interactions (non-credentialed/local use)
  • Generating artifacts (screenshots, PDFs) and capturing page content/HTML/text
  • Network simulation (throttle/offline/proxy) and request interception for testing
  • Accessibility tree inspection and element discovery by ARIA role

Not For

  • Running remote/hosted untrusted browser automation where localhost CDP exposure cannot be controlled
  • High-complexity, multi-browser test runners requiring first-class SDKs/framework integrations
  • Use cases requiring strong enterprise-grade governance (auditing, RBAC, managed browser infrastructure) before the promised cloud/team features exist
  • Use cases requiring fine-grained, standardized web automation APIs with robust programmatic idempotency and retries documented at the protocol level

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: Local execution (no user auth described)
OAuth: No Scopes: No

No API authentication/authorization mechanism is documented because cdpilot is a local CLI that controls a locally launched browser via CDP (127.0.0.1). Any MCP integration appears to be invoked by the agent via a local command (npx) rather than via a secured remote service.

Pricing

Free tier: Yes
Requires CC: No

Monetization is described as future/coming soon for cloud/team/priority support, but no pricing or limits are provided for the local CLI.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Browser/UI automation can be timing-sensitive; README roadmap mentions “Auto-wait” as not yet implemented, which may increase flakiness for agents that click/type immediately after navigation.
  • Commands are CLI/subprocess-oriented; when used from agents, output parsing and state management (active tab/session/port/profile) may require careful handling by the agent.
  • Some advanced DOM contexts are not indicated as supported (e.g., roadmap lists iframe & Shadow DOM support as not yet done).

Alternatives

Playwright Puppeteer Selenium web automation libraries that wrap CDP (e.g., CDP clients) Browser automation frameworks with MCP integration (if available)

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for cdpilot.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

6533
Packages Evaluated
19870
Need Evaluation
586
Need Re-evaluation
Community Powered