scout-mcp-server

Scout is an MCP server that enables AI clients to automate browser tasks: inspect page structure, find elements, execute user-like actions (click/type/navigate/scroll/etc.), run page JavaScript, capture screenshots/video, monitor network traffic, and export session workflows. It supports connecting either by launching its own browser session or via a Chrome extension “extension mode” to reuse an existing logged-in browser state. It also includes helpers for securely typing credentials from a server-side .env and retrieving 2FA OTP codes via Twilio.

Evaluated Apr 04, 2026 (0d ago)
Homepage ↗ Repo ↗ Automation mcp browser-automation playwright selenium-alternative stealth bot-detection automation python web twilio-otp rpa
⚙ Agent Friendliness
60
/ 100
Can an agent use this?
🔒 Security
60
/ 100
Is it safe for agents?
⚡ Reliability
25
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
85
Documentation
70
Error Messages
0
Auth Simplicity
65
Rate Limits
20

🔒 Security

TLS Enforcement
60
Auth Strength
65
Scope Granularity
30
Dep. Hygiene
55
Secret Handling
85

Security highlights in the provided README include: server-side credential isolation via fill_secret (AI client sees only metadata like chars_typed), redaction/scrubbing of Authorization/Cookie/API key headers from network logs, URL scheme allowlist (http/https), SSRF protections against localhost, loopback, link-local, and cloud metadata endpoints, safe XML parsing via defusedxml, JS execution timeout with graceful error response, and input/path validation plus stripping invisible characters and boundary markers to reduce prompt/markup confusion. However, the toolset includes execute_javascript and network monitoring, which increases risk if an agent is misdirected; the README does not provide detailed guarantees about logging retention, least-privilege for credentials, or comprehensive error-code-based guidance.

⚡ Reliability

Uptime/SLA
0
Version Stability
55
Breaking Changes
0
Error Recovery
45
AF Security Reliability

Best When

You want agent-driven browser automation with MCP tool calls that can reliably target elements via DOM/CSS selectors (not pixel-only screenshot interpretation), and you can run it in an environment where Chrome is available and you can safely provide required secrets (Twilio / .env).

Avoid When

You cannot provide a secure runtime (secrets handling, network egress controls) or you require formal guarantees about not executing JS/actions; also avoid if you need strong auditability of every side-effect beyond what the session history export provides.

Use Cases

  • Automated browsing workflows driven by an MCP-capable AI client (e.g., Claude Code)
  • Form filling and verification on websites where selector discovery from DOM is needed
  • Debugging/triage tasks that benefit from DOM-based inspection and network monitoring
  • RPA-style multi-step workflows exported as standalone scripts
  • 2FA flows for systems using Twilio SMS OTPs (with Twilio credentials configured)
  • CI or automation scenarios needing a headless/managed browser session
  • Reuse of an existing logged-in Chrome session via extension mode for SSO/2FA already completed

Not For

  • Security-sensitive actions without operator review (it can execute arbitrary browser interactions and JS)
  • Circumventing access controls or automating prohibited/banned activities on third-party sites
  • Operating as a substitute for a real API when official endpoints exist
  • Untrusted automation contexts where credentials and cookies should never be handled server-side

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: .env-based server-side secret injection via fill_secret Twilio SMS API credentials for get_2fa_code
OAuth: No Scopes: No

No OAuth scopes described. Authentication is handled via provided environment variables (Twilio and local configuration) and by typing secrets from a server-side .env; there is also an extension mode that reuses an existing Chrome session (cookies/state).

Pricing

Free tier: No
Requires CC: No

No pricing information in the provided data. Costs likely come from your environment/Chrome execution and any Twilio usage if 2FA retrieval is used.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Browser automation is inherently stateful; retries may cause repeated clicks/form submissions unless the workflow is designed to be idempotent.
  • execute_javascript can fail due to page readiness/timeouts (README mentions a JS timeout), so agents may need to re-locate elements or wait for DOM stability.
  • 2FA retrieval depends on Twilio SMS delivery; tool outcomes may vary with external SMS delays/errors.
  • Extension mode requires manual Chrome extension loading/activation steps; missing steps can block tool execution.

Alternatives

Browser automation frameworks with custom MCP/agent wrappers (e.g., Playwright/Selenium tooling you control) Generic MCP browser tools (if available) that rely on screenshots or simpler DOM extraction Selenium/Playwright scripts directly integrated into your own agent loop API-first integrations using official HTTP APIs when available

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for scout-mcp-server.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-04-04.

8642
Packages Evaluated
17761
Need Evaluation
586
Need Re-evaluation
Community Powered