Closed
AgentAudit Security Audit Report
| Metric | Value |
|---|---|
| Package | @modelcontextprotocol/server-puppeteer |
| Version | 2025.5.12 |
| Risk Score | 11/100 |
| Result | safe |
| Findings | 6 total (0 critical, 0 high, 3 medium, 1 low) — 3 real, 3 by-design |
Findings Summary
| Severity | Title | File | Line | by_design |
|---|---|---|---|---|
| Medium | npx -y without version pinning in configuration examples | README.md | 113 | No |
| Medium | Unvalidated executablePath in launchOptions | dist/index.js | 120 | No |
| Low | Error messages expose internal details | dist/index.js | 249 | No |
| High | Arbitrary JavaScript execution via puppeteer_evaluate | dist/index.js | 331 | Yes (by-design) |
| Medium | Chrome --no-sandbox in Docker mode | dist/index.js | 142 | Yes (by-design) |
| Medium | ALLOW_DANGEROUS env var bypasses argument validation | dist/index.js | 124 | Yes (by-design) |
Key Recommendations
- Pin version in npx examples — Documentation recommends `npx -y @modelcontextprotocol/server-puppeteer` without version pinning. Consider `@modelcontextprotocol/server-puppeteer@2025.5.12`.
- Validate `executablePath` — The `launchOptions.executablePath` parameter is not validated against a known set of Chrome/Chromium binaries. Add it to the dangerous options check or require `allowDangerous=true` when set.
- Sanitize error messages — Raw `error.message` content is returned to MCP clients, potentially leaking internal file paths or system details.
Full Report
View the complete audit report with details, evidence, and remediation guidance:
AgentAudit Report
This audit was performed automatically by AgentAudit, the security registry for AI agent packages. If you believe any finding is incorrect, you can dispute it on the platform.