MCP Server Pentest

Overview Inspect Schema Related Servers Score Discussions

browser_evaluate

Execute JavaScript directly in the browser console to test web application vulnerabilities, analyze client-side behavior, and enhance penetration testing workflows with the MCP Server Pentest.

Instructions

Execute JavaScript in the browser console

Input Schema

TableJSON Schema

Name	Required	Description	Default
`script`	Yes	JavaScript code to execute

Implementation Reference

index.ts:721-762 (handler)
Handler implementation for the 'browser_evaluate' tool. Executes JavaScript code in the browser context using page.evaluate(), overrides console methods to capture logs, and returns the execution result along with captured console output.
case ToolName.BrowserEvaluate: try { const result = await page.evaluate((script) => { const logs: string[] = []; const originalConsole = { ...console }; ['log', 'info', 'warn', 'error'].forEach(method => { (console as any)[method] = (...args: any[]) => { logs.push(`[${method}] ${args.join(' ')}`); (originalConsole as any)[method](...args); }; }); try { const result = eval(script); Object.assign(console, originalConsole); return { result, logs }; } catch (error) { Object.assign(console, originalConsole); throw error; } }, args.script); return { content: [ { type: "text", text: `Execution result:\n${JSON.stringify(result.result, null, 2)}\n\nConsole output:\n${result.logs.join('\n')}`, }, ], isError: false, }; } catch (error) { return { content: [{ type: "text", text: `Script execution failed: ${(error as Error).message}`, }], isError: true, }; }
index.ts:155-165 (schema)
Tool definition including name, description, and input schema for 'browser_evaluate'. Defines the expected input: a 'script' string.
{ name: ToolName.BrowserEvaluate, description: "Execute JavaScript in the browser console", inputSchema: { type: "object", properties: { script: { type: "string", description: "JavaScript code to execute" }, }, required: ["script"], }, },
index.ts:22-35 (registration)
Enum definition mapping ToolName.BrowserEvaluate to the string 'browser_evaluate', used for tool identification in handlers and registrations.
enum ToolName { BrowserNavigate = "browser_navigate", BrowserScreenshot = "browser_screenshot", BrowserClick = "browser_click", BrowserClickText = "browser_click_text", BrowserFill = "browser_fill", BrowserSelect = "browser_select", BrowserSelectText = "browser_select_text", BrowserHover = "browser_hover", BrowserHoverText = "browser_hover_text", BrowserEvaluate = "browser_evaluate", BrowserUrlReflectedXss = "broser_url_reflected_xss", BrowserUrlSqlInjection = "browser_url_sql_injection" }
index.ts:844-846 (registration)
Registration of the general CallToolRequestSchema handler, which dispatches to handleToolCall based on tool name, invoking the browser_evaluate case when matched.
server.setRequestHandler(CallToolRequestSchema, async (request) => handleToolCall(request.params.name as ToolName, request.params.arguments ?? {}) );

This server cannot be installed

Other Tools

Related Tools

playwright_evaluate
@devskido/customed-playwright
playwright_evaluate
@blackwhite084/playwright-plus-python-mcp
evaluate_javascript
@Wladastic/mcp-browser-server
playwright_evaluate
@pvinis/mcp-playwright-stealth
puppeteer_evaluate
@cploujoux/mcp-puppeteer
execute_function
@Lizzard-Solutions/browserless-mcp

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/9olidity/MCP-Server-Pentest'

If you have feedback or need assistance with the MCP directory API, please join our Discord server