grade F

10 days ago

glama

Leapfrog MCP

Multi-session browser MCP server that gives AI agents up to 15 fully-isolated browsers running in parallel. 36 tools including navigation, extraction, network intercept, stealth, and self-improvement. Each session has its own cookies, storage, and fingerprint so agents never collide.

→ anthonybono21-cloud/leapfrog · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Tool descriptions don’t match what handlers do

2 tools describe read intent but their handlers mutate — session_list_profiles (line 672: fs.mkdir(PROFILE_DIR, { recursive: true })); profile_list (line 2807: fs.mkdir(LEAP_PROFILES_DIR, { recursive: true }))

⚠️

Known vulnerabilities in dependencies: 3 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 1 credential: LEAP_CAPTCHA_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configLEAP_AD_BLOCK

configLEAP_ALLOW_EXECUTE— true Allow the execute tool (sandboxed Playwright scripts)

configLEAP_ALLOW_JS— true Allow JS evaluation in extract and wait_for

configLEAP_AUTO_CONSENT— "": "true"

configLEAP_AUTO_WARM— false Auto-warm profiles by loading key URLs on session create

configLEAP_BLOCK_LOCALHOST— false Block localhost/127.x.x.x (allowed by default for local dev)

🔐 secretLEAP_CAPTCHA_API_KEY— External solvers: set LEAP_CAPTCHA_PROVIDER + for CapSolver, 2Captcha, or NopeCHA integration

configLEAP_CAPTCHA_PROVIDER— External solvers: set + LEAP_CAPTCHA_API_KEY for CapSolver, 2Captcha, or NopeCHA integration

configLEAP_CDP_ENDPOINT— Or set to connect to an already-running Chrome instance

configLEAP_CDP_STEALTH— true CDP detection evasion (Runtime.enable filtering)

configLEAP_CHANNEL— Set =chrome to use your installed Chrome/Chromium (recommended)

configLEAP_EXTENSIONS— _(none)_ Comma-separated paths to browser extensions to load

configLEAP_HEADED— false Set true to watch the browser (positive alternative to LEAP_HEADLESS)

configLEAP_HEADLESS— true Set false to watch the browser

configLEAP_HUD— "": "true",

configLEAP_HUMANIZE— Set =true to enable human-like browser interaction. This is opt-in and adds latency in exchange for more realistic behavior. Six modules:

configLEAP_IDLE_TIMEOUT— 1800000 Session idle timeout in ms (30 min). Set 0 to disable.

configLEAP_LOG_LEVEL— info debug / info / warn / error

configLEAP_MAX_SESSIONS— 15 Max concurrent sessions

configLEAP_MAX_SESSIONS_PER_CLIENT— _(none)_ Per-client session pool limit

configLEAP_MULTI_TILE— false Multi-terminal tiling coordination across Leapfrog instances

configLEAP_PROFILES_DIR— ~/.leapfrog/chrome-profiles Directory for persistent browser profiles

configLEAP_REBROWSER— false Enable Rebrowser integration

configLEAP_RECORD— false Session recording (action history export)

configLEAP_SCREEN_HEIGHT— _(auto)_ Explicit screen height for tiling calculations

configLEAP_SCREEN_WIDTH— _(auto)_ Explicit screen width for tiling calculations

configLEAP_STEALTH— Leapfrog ships 19 anti-detection patches enabled by default (=true). Four modes:

configLEAP_STEALTH_PROFILES— false Enable stealth patches on profile (auth'd) sessions

configLEAP_STORAGE_PROFILES_DIR

configLEAP_TILE— "": "true",

configLEAP_TILE_PADDING— 8 Padding between tiled windows (px)

configLEAP_TRACE— # Tracing (=true)

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 8 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/anthonybono21-cloud-leapfrog-l9u6z1)](https://m8ven.ai/mcp/anthonybono21-cloud-leapfrog-l9u6z1)

commit: dddbe82be128a20779549b844a5c700643217943

code hash: 42e04cbf57ebc88338d310a9857999af3ad58a132db3fb07ffa77aaf4b4ee71d

verified: 4/11/2026, 2:15:18 PM

view raw JSON →