An MCP server that gives AI agents real browser capabilities including screenshotting, action execution, data extraction, and multi-persona auditing for frontend validation.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry β install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
Playwright downloads and installs browsers without verifying the authenticity of the SSL certificate
ws: Memory exhaustion DoS from tiny fragments and data chunks
ws: Uninitialized memory disclosure
yaml is vulnerable to Stack Overflow via deeply nested YAML collections
process.env. You'll be asked to provide them before it can run.ANTHROPIC_API_KEYβ "env": { "": "sk-ant-..." }AUDIT_ACTS_DIRAUDIT_AUTO_CONSENTβ 1 env or --auto-consent flag (read [PRIVACY.md](PRIVACY.md) first).AUDIT_COMPARES_DIRAUDIT_COST_GUARD_DISABLEDβ unset 1 / true to bypass entirely (CI / tests)AUDIT_COST_LEDGER_PATHβ Per-day β UTC-day total persisted across processes in a JSON ledger (default ~/.pixelcheck/cost-ledger.json, override via ).AUDIT_COST_MODEAUDIT_DEBUGAUDIT_DEBUG_LOGAUDIT_DIAGNOSE_DIRAUDIT_EXTRACTS_DIRAUDIT_HOMEAUDIT_JUDGES_DIRAUDIT_MEMORY_DISABLEDAUDIT_MEMORY_PATHAUDIT_PLAN_CACHE_DISABLEDAUDIT_PLAN_CACHE_PATHAUDIT_REDACT_INPUTSAUDIT_RESULT_CACHE_DISABLEDβ unset 1 / true to bypass entirely (read = miss, write = no-op)AUDIT_RESULT_CACHE_PATHβ ~/.pixelcheck/result-cache.db SQLite path; isolate per environmentAUDIT_SEES_DIRAUDIT_VENDOR_DRIFT_OKAUDIT_VENDOR_DRIFT_SKIP_IF_MISSINGHTTPS_PROXYLOG_FILEβ /path/to.log unset Additionally tee logs to a fileLOG_LEVELβ trace, debug, info, warn, error, fatal, silent info Minimum log levelLOG_PRETTYβ 1, true, 0, false, auto auto Force pretty-print or JSON; auto decides by TTYMAIL_TM_BASENO_PROXYOLLAMA_BASE_URLOLLAMA_CHAT_MODELOLLAMA_MODELPIXELCHECK_ALLOW_PRIVATEPIXELCHECK_DEBUG_LOGPIXELCHECK_HOMEPIXELCHECK_LLM_FALLBACKPIXELCHECK_LLM_PROVIDERPIXELCHECK_LLM_TIMEOUT_MSPIXELCHECK_MAX_RETRIESPIXELCHECK_SKIP_BROWSER_DOWNLOADβ ignore-scripts, an offline box, or =1 βPIXELCHECK_STAGEHAND_INIT_TIMEOUT_MSPIXELCHECK_UNIT_DEADLINE_MSPIXELCHECK_VERBOSITYPLAYWRIGHT_BROWSERS_PATHPLAYWRIGHT_SKIP_BROWSER_DOWNLOADSCAMLENS_ADMIN_COOKIESLACK_WEBHOOKSTEALTH_CORE_SRCSTRIPE_TEST_CARD_CVCSTRIPE_TEST_CARD_EXPSTRIPE_TEST_CARD_NUMBERSTRIPE_TEST_PUBLISHABLE_KEYTELEGRAM_BOT_TOKENTELEGRAM_CHAT_IDhttps_proxyno_proxy[](https://m8ven.ai/mcp/xcodethink-pixelcheck-1naitm)