Which integrations are available for this server?

Provides tools for stealth automation of the Google Chrome browser, featuring human-like interaction patterns such as Bezier mouse movements, Gaussian typing delays, and scroll jitter to navigate websites, capture screenshots, and manage tabs while avoiding bot detection.

How do I use Chrome MCP Stealth?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Chrome MCP Stealth Go to linkedin.com and search for recruiters at Google" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

de en es ja ko ru zh

Chrome MCP Stealth

by Riaan-Fourie

Overview Schema Related Servers Score Discussions

JavaScript

Local

Chrome MCP Stealth

MCP server for stealth browser automation via Chrome DevTools Protocol. Connects to a real Chrome instance with human-like interaction patterns (Bezier mouse curves, Gaussian typing delays, scroll jitter) to avoid bot detection.

Why

Standard browser automation tools (Playwright, Puppeteer, Selenium) are trivially detected by modern anti-bot systems. Sites fingerprint mouse movements (straight lines, instant teleportation), typing patterns (uniform delays), and JavaScript properties (navigator.webdriver, missing plugins) to block automated access.

Chrome MCP Stealth solves this by layering human-like behavior on top of Playwright's CDP connection to a real Chrome instance — not a headless browser, not a fresh profile, but your actual browser with cookies, extensions, and history intact.

Features

Stealth mode: Bezier mouse movement, Gaussian keystroke delays, scroll jitter, anti-detection JS patches
Fast mode: Instant actions with no delays — available on non-protected domains
Security: 4-layer defense against prompt injection, data exfiltration, and credential leaks
Single file: Entire server is one index.js file (~630 lines)

How Stealth Works

Mouse movement follows cubic Bezier curves with randomized control points, producing natural arcs instead of straight lines. Each move uses 12–50 interpolation steps with ease-in-out timing and occasional overshoot corrections.

Typing uses Gaussian-distributed inter-key delays (~75ms mean), with extra pauses after punctuation and periodic "thinking pauses" every ~10 characters — mimicking human typing rhythm.

Scrolling is broken into jittered multi-step increments with settling delays, avoiding the instant jumps that flag automation.

Anti-detection patches remove navigator.webdriver, clean Playwright/Selenium artifacts from window, inject realistic chrome.runtime and plugin stubs.

See ARCHITECTURE.md for full implementation details.

Security Model

Prompt injection scanner — 20+ regex patterns detect instruction override attempts, social engineering, and data exfiltration commands in page content
Content sanitization — Hidden/invisible elements are stripped before returning page text, preventing injection via zero-size or off-screen elements
Content spotlighting — All page content is wrapped in <EXTERNAL_CONTENT trust="untrusted"> tags with security footers
Domain controls — Cloud metadata endpoints are blocked entirely; banking/email domains trigger warnings; stealth-only domains enforce stealth mode

Additionally, all output is scanned for credential patterns (API keys, tokens, JWTs) and redacted before being returned.

Tools (11)

Tool	Purpose
`chrome_set_mode`	Switch between stealth/fast mode
`chrome_navigate`	Navigate to URL
`chrome_snapshot`	Get sanitized accessibility tree
`chrome_screenshot`	Take PNG screenshot
`chrome_click`	Click element (Bezier mouse in stealth)
`chrome_type`	Type text (Gaussian delays in stealth)
`chrome_tabs`	List/switch/create/close tabs
`chrome_evaluate`	Run JS in page context (output redacted)
`chrome_wait`	Wait for selector or timeout
`chrome_scroll`	Scroll up/down (jittered in stealth)
`chrome_page_info`	Get current URL, title, domain risk

Setup

Launch Chrome with CDP:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
  --remote-debugging-port=9222 \
  --user-data-dir=~/.chrome-debug-profile

Install and run:
```
npm install
npm start
```

{
  "chrome-stealth": {
    "command": "node",
    "args": ["path/to/chrome-mcp/index.js"],
    "env": { "CDP_ENDPOINT": "http://127.0.0.1:9222" }
  }
}

Stealth-Only Domains

LinkedIn (linkedin.com, www.linkedin.com) enforces stealth mode — fast mode is blocked. This is enforced at 5 layers: navigation, mode switch, every interaction, post-redirect, and tab switch.

Dependencies

@modelcontextprotocol/sdk — MCP protocol implementation
playwright-core — Chrome DevTools Protocol connection

License

MIT

This server cannot be installed

security - not tested

license - permissive license

quality - not tested

How are these scores calculated?

Resources

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Riaan-Fourie/chrome-mcp-stealth'

If you have feedback or need assistance with the MCP directory API, please join our Discord server