{"id":"scout-mcp-server","name":"scout-mcp-server","homepage":"https://pypi.org/project/scout-mcp-server/","repo_url":"https://github.com/stemado/scout-mcp","category":"automation","subcategories":[],"tags":["mcp","browser-automation","playwright","selenium-alternative","stealth","bot-detection","automation","python","web","twilio-otp","rpa"],"what_it_does":"Scout is an MCP server that enables AI clients to automate browser tasks: inspect page structure, find elements, execute user-like actions (click/type/navigate/scroll/etc.), run page JavaScript, capture screenshots/video, monitor network traffic, and export session workflows. It supports connecting either by launching its own browser session or via a Chrome extension “extension mode” to reuse an existing logged-in browser state. It also includes helpers for securely typing credentials from a server-side .env and retrieving 2FA OTP codes via Twilio.","use_cases":["Automated browsing workflows driven by an MCP-capable AI client (e.g., Claude Code)","Form filling and verification on websites where selector discovery from DOM is needed","Debugging/triage tasks that benefit from DOM-based inspection and network monitoring","RPA-style multi-step workflows exported as standalone scripts","2FA flows for systems using Twilio SMS OTPs (with Twilio credentials configured)","CI or automation scenarios needing a headless/managed browser session","Reuse of an existing logged-in Chrome session via extension mode for SSO/2FA already completed"],"not_for":["Security-sensitive actions without operator review (it can execute arbitrary browser interactions and JS)","Circumventing access controls or automating prohibited/banned activities on third-party sites","Operating as a substitute for a real API when official endpoints exist","Untrusted automation contexts where credentials and cookies should never be handled server-side"],"best_when":"You want agent-driven browser automation with MCP tool calls that can reliably target elements via DOM/CSS selectors (not pixel-only screenshot interpretation), and you can run it in an environment where Chrome is available and you can safely provide required secrets (Twilio / .env).","avoid_when":"You cannot provide a secure runtime (secrets handling, network egress controls) or you require formal guarantees about not executing JS/actions; also avoid if you need strong auditability of every side-effect beyond what the session history export provides.","alternatives":["Browser automation frameworks with custom MCP/agent wrappers (e.g., Playwright/Selenium tooling you control)","Generic MCP browser tools (if available) that rely on screenshots or simpler DOM extraction","Selenium/Playwright scripts directly integrated into your own agent loop","API-first integrations using official HTTP APIs when available"],"af_score":60.5,"security_score":59.5,"reliability_score":25.0,"package_type":"mcp_server","discovery_source":["pypi"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:45:15.177577+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[".env-based server-side secret injection via fill_secret","Twilio SMS API credentials for get_2fa_code"],"oauth":false,"scopes":false,"notes":"No OAuth scopes described. Authentication is handled via provided environment variables (Twilio and local configuration) and by typing secrets from a server-side .env; there is also an extension mode that reuses an existing Chrome session (cookies/state)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information in the provided data. Costs likely come from your environment/Chrome execution and any Twilio usage if 2FA retrieval is used."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.5,"security_score":59.5,"reliability_score":25.0,"mcp_server_quality":85.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":65.0,"rate_limit_clarity":20.0,"tls_enforcement":60.0,"auth_strength":65.0,"scope_granularity":30.0,"dependency_hygiene":55.0,"secret_handling":85.0,"security_notes":"Security highlights in the provided README include: server-side credential isolation via fill_secret (AI client sees only metadata like chars_typed), redaction/scrubbing of Authorization/Cookie/API key headers from network logs, URL scheme allowlist (http/https), SSRF protections against localhost, loopback, link-local, and cloud metadata endpoints, safe XML parsing via defusedxml, JS execution timeout with graceful error response, and input/path validation plus stripping invisible characters and boundary markers to reduce prompt/markup confusion. However, the toolset includes execute_javascript and network monitoring, which increases risk if an agent is misdirected; the README does not provide detailed guarantees about logging retention, least-privilege for credentials, or comprehensive error-code-based guidance.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":0.0,"error_recovery":45.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Browser automation is inherently stateful; retries may cause repeated clicks/form submissions unless the workflow is designed to be idempotent.","execute_javascript can fail due to page readiness/timeouts (README mentions a JS timeout), so agents may need to re-locate elements or wait for DOM stability.","2FA retrieval depends on Twilio SMS delivery; tool outcomes may vary with external SMS delays/errors.","Extension mode requires manual Chrome extension loading/activation steps; missing steps can block tool execution."]}}