Security February 23, 2026 · 4 min read

The MCP Server Security Problem Nobody Is Talking About

Open-source MCP browser tools are unaudited and self-hosted. PageBolt MCP is a managed service with SSRF protection, rate limiting, and request logging — the accountability layer AI workflows need.

MCP servers are proliferating fast. Developers are installing them from GitHub, npm, and community directories — and most of those tools run locally with direct access to a browser, the filesystem, and outbound network connections.

That's a meaningful attack surface. And right now, almost none of it is audited.

The problem with self-hosted browser MCPs

When you install an open-source browser automation MCP — Playwright-based, Puppeteer-based, or otherwise — you're running someone else's code inside your AI assistant's tool-calling loop. That code has network access. It can make requests to internal services. It can be updated silently when you npm install next week.

SSRF (Server-Side Request Forgery) is the most obvious risk: an MCP tool that accepts a URL parameter and navigates a browser to it can be prompted — intentionally, or through prompt injection in a page the agent has already loaded — to hit http://169.254.169.254/ (the instance metadata service on AWS and most other clouds), internal dashboards, or private APIs. In a typical self-hosted tool there is no rate limiting, no request logging, and no quota. If something goes wrong, there's no audit trail.

MCP supply chain attacks are still early. But the pattern is established: popular tools get compromised, users don't notice, and by the time the incident is discovered, the blast radius is wide.

What a managed MCP server changes

PageBolt MCP runs as a managed service. When your AI assistant calls record_video or take_screenshot, the locally installed pagebolt-mcp package only forwards the request to PageBolt's infrastructure; the browser session runs there, not in a browser process on your machine.

That means:

SSRF protection built in. Requests to private IP ranges, localhost, and cloud metadata endpoints are blocked at the network layer. Your AI assistant cannot be prompted into hitting internal services through a PageBolt tool call.

Rate limiting and quota enforcement. Every API key has a request quota. Runaway agent loops don't spin up unlimited browser instances — they hit a limit and stop. Self-hosted tools have no such constraint.

Request logging. Every tool call is logged against your account. You can see what URLs were visited, what steps were executed, and when. If an AI agent does something unexpected, you have a record.

Audited code, maintained package. pagebolt-mcp is maintained by the PageBolt team, published to npm under a verified account, and updated deliberately. You're not running an unreviewed community package.

The capability side

Security is the reason to trust a managed MCP. But it's not the reason to choose PageBolt over other browser MCPs specifically.

The differentiation is output format. Most browser automation MCPs optimize for task completion — they extract data, click buttons, fill forms, and return structured text. PageBolt optimizes for media output.

record_video with audioGuide returns a narrated MP4: a real browser session with an AI voice walking through each step, synced to the actions. No other MCP server produces this. That's a meaningful capability gap for teams building demos, tutorials, automated QA recordings, or PR review artifacts.

Trusted infrastructure plus narrated video recording. That's the combination.

Installing PageBolt MCP

Add to your Claude Desktop config (claude_desktop_config.json) or Cursor config (.cursor/mcp.json). Two practical notes: "npx -y" runs whatever version of pagebolt-mcp is currently published, so pin an exact version in the args if you want the same deliberate-update behaviour on your side; and the file holds your API key in plaintext, so keep its permissions tight and do not commit it to a repository.

{
  "mcpServers": {
    "pagebolt": {
      "command": "npx",
      "args": ["-y", "pagebolt-mcp"],
      "env": { "PAGEBOLT_API_KEY": "your_key_here" }
    }
  }
}

Free tier — 100 requests/month

No credit card required. Full API access including screenshots, video recording, PDF generation, and page inspection.

Get your free API key