AI-native stealth browser MCP server — Browser Use + Patchright

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Koreahwan from gravatar.com Koreahwan

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: KH
  • Tags ai-agent , browser-automation , browser-use , cline , codex , cursor , mcp , opencode , patchright , stealth , windsurf , wraith
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers
Report project as malware

Project description

wraith-mcp

PyPI License: MIT

AI-native stealth browser MCP server. Tell it what to do — it figures out how.

Browser Use (AI vision navigation) + Patchright (bot detection bypass).

Why This One?

wraith-mcp playwright-mcp stealth-browser-mcp browser-use-mcp-server
Navigation AI vision (self-healing) CSS selectors CSS selectors AI vision
Bot detection bypass Patchright (binary-level) None nodriver None
Tools 6 (browse, extract, screenshot, sessions) 20+ 90+ via Agent
Site layout changes Adapts automatically Breaks Breaks Adapts
LLM providers 6 (Anthropic, OpenAI, OpenRouter, Google, Ollama, +compatible) N/A 1 1

One command does it all — no selectors, no step-by-step scripting:

"Log into my dashboard and download the monthly report"

Quick Start

Add wraith-mcp as MCP server

Install

pip install wraith-mcp

Setup

Add to your MCP config (.mcp.json, .cursor/mcp.json, .windsurf/mcp.json, etc.):

{
  "mcpServers": {
    "wraith": {
      "command": "wraith-mcp",
      "env": {
        "HEADLESS": "true"
      }
    }
  }
}

Works with any MCP client: Cursor, Windsurf, VS Code, Cline, Roo Code, OpenCode, Codex, and more.

These clients call Wraith over MCP. When the client supports MCP sampling, Wraith can ask that already logged-in client model to drive Browser Use, so no separate Wraith API key is needed.

Do I Need an API Key?

Not when your MCP client supports sampling/createMessage.

Wraith's preferred keyless path is MCP sampling: the MCP client mediates model calls using its own logged-in model session. Wraith does not read Codex, Claude Code, or OpenCode OAuth tokens directly.

If your client does not support sampling, configure a fallback provider such as OPENROUTER_API_KEY, OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_API_KEY, or local Ollama via OLLAMA_MODEL. Do not paste Codex login/OAuth as OPENAI_API_KEY; it is not an API-key credential.

Tools

Tool Description
browse Execute any browser task in natural language
extract Pull structured data from a page
screenshot Capture a page as base64 PNG
list_sessions List active persistent browser session IDs
close_session Close a persistent browser session
close_all_sessions Close all active persistent browser sessions

browse and extract support optional session_id for persistent browser sessions across multiple calls. Use list_sessions, close_session, and close_all_sessions to manage those sessions.

Fallback LLM Providers

Use these only when your MCP client does not support sampling, or when you want to force Wraith to use an explicit provider.

Provider Key
Anthropic (default) ANTHROPIC_API_KEY
OpenRouter OPENROUTER_API_KEY
OpenAI OPENAI_API_KEY
DeepSeek / Groq / Together OPENAI_API_KEY + OPENAI_BASE_URL
Google Gemini GOOGLE_API_KEY
Ollama (local) OLLAMA_MODEL

Set BROWSER_USE_MODEL to override the default model or provide a sampling model hint to the MCP client.

Browser Options

Wraith keeps its default browser profile unless optional env vars are set. It can forward Browser Use profile knobs for domain policy (BROWSER_ALLOWED_DOMAINS, BROWSER_PROHIBITED_DOMAINS, BROWSER_BLOCK_IP_ADDRESSES=true for Browser Use's direct-IP navigation block), session/artifacts (BROWSER_STORAGE_STATE, BROWSER_USER_DATA_DIR, BROWSER_DOWNLOADS_PATH, BROWSER_RECORD_HAR_PATH, BROWSER_RECORD_VIDEO_DIR, BROWSER_TRACES_DIR), and permissions, viewport, or wait timing (BROWSER_PERMISSIONS, BROWSER_VIEWPORT, BROWSER_MINIMUM_WAIT_PAGE_LOAD_TIME, BROWSER_WAIT_FOR_NETWORK_IDLE_PAGE_LOAD_TIME, BROWSER_WAIT_BETWEEN_ACTIONS) when the installed Browser Use BrowserProfile supports those fields. Domain/IP policy env vars fail closed on unsupported Browser Use versions.

Docker

docker build -t wraith-mcp .
docker run -i --rm wraith-mcp

SSE mode for local-only testing:

docker run -p 127.0.0.1:8808:8808 wraith-mcp --transport sse --host 0.0.0.0 --port 8808

Do not expose the SSE port directly to an untrusted network. If you need remote access, put it behind an authenticated proxy or SSH tunnel and restrict browsing with BROWSER_ALLOWED_DOMAINS plus BROWSER_BLOCK_IP_ADDRESSES=true.

SSE Transport

wraith-mcp --transport sse --host 127.0.0.1 --port 8808

The SSE host defaults to 127.0.0.1. Binding to 0.0.0.0 is only appropriate behind an authenticated proxy or another trusted network boundary.

How It Works

AI Agent -> MCP Server -> Browser Use Agent -> Patchright Chromium
  1. Describe a task in natural language
  2. Browser Use asks the MCP client model through sampling, or a fallback provider
  3. Browser Use sees the page (screenshot + DOM) and decides actions
  4. Patchright executes without triggering bot detection

Security

  • URL scheme validation (http/https only)
  • max_steps capped at 50 server-side
  • Input length capped at 4000 chars
  • Task timeout (default 120s, configurable via BROWSER_TASK_TIMEOUT)
  • Proxy support via PROXY_SERVER
  • SSE transport binds to 127.0.0.1 by default; do not expose it directly without authentication
  • Browser Use page context is sent to the MCP client model via sampling, or to the configured fallback provider

Limitations

  • Binary-level stealth only (no Runtime.enable CDP fix)
  • Enterprise WAFs may still block without residential proxies
  • Fresh browser per call (~3s startup)
  • Keyless mode requires an MCP client with sampling/createMessage support
  • Sampling support varies by MCP client; use a fallback provider or Ollama when unsupported

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for Koreahwan from gravatar.com Koreahwan

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT)
  • Author: KH
  • Tags ai-agent , browser-automation , browser-use , cline , codex , cursor , mcp , opencode , patchright , stealth , windsurf , wraith
  • Requires: Python >=3.11
  • Provides-Extra: dev
Classifiers

Release history Release notifications | RSS feed

This version

0.2.2

0.2.1

0.2.0

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

wraith_mcp-0.2.2.tar.gz (259.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

wraith_mcp-0.2.2-py3-none-any.whl (21.0 kB view details)

Uploaded Python 3

File details

Details for the file wraith_mcp-0.2.2.tar.gz.

File metadata

  • Download URL: wraith_mcp-0.2.2.tar.gz
  • Upload date:
  • Size: 259.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for wraith_mcp-0.2.2.tar.gz
Algorithm Hash digest
SHA256 04046e35e1af4d01f76b89aa072b019d2d45ee0bb6b6a595aaf86f017f5414c0
MD5 9a67b172da5fc9af7a3f8209e220be57
BLAKE2b-256 3b7e55b07a641e5ce0d9f0e865751e8cdc282c30c092818d569c61e2c7ac9d27

See more details on using hashes here.

Provenance

The following attestation bundles were made for wraith_mcp-0.2.2.tar.gz:

Publisher: publish.yml on Koreahwan/wraith-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file wraith_mcp-0.2.2-py3-none-any.whl.

File metadata

  • Download URL: wraith_mcp-0.2.2-py3-none-any.whl
  • Upload date:
  • Size: 21.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for wraith_mcp-0.2.2-py3-none-any.whl
Algorithm Hash digest
SHA256 7d6d7a2e645bf2ec5c6bbeb7f2054ab29d2622af92f38f6b1f244521a670e7b1
MD5 958bfb9bd59a295fecd0284320298322
BLAKE2b-256 0f42d6e760c4d4c5044f29ddc01f052b518e83177a8ba2a050f814a59c1c231d

See more details on using hashes here.

Provenance

The following attestation bundles were made for wraith_mcp-0.2.2-py3-none-any.whl:

Publisher: publish.yml on Koreahwan/wraith-mcp

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page