mcpindex.ai
← Index

io.github.ObscuritySRL/umbriel

io.github.ObscuritySRL/umbriel·v1.10.1·Browser Automation

Playwright for the Windows desktop, from Bun — drive native GUIs via UI Automation + MCP.

Trust verdict · v1 advisory · method
NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables
UMBRIEL_PROFILE

Capability profile: 'readonly' (inspect/read only), 'safe' (read + input + window — default), or 'full' (also os + fs tools).

UMBRIEL_OS

Set to '1' to allow the 'os' tools (launch_app/run_program/open_path, kill_process, manage_process, control_service, set_env, registry_get/registry_list/registry_set) AND the 'fs' tools (read_file/write_file/list_dir/stat_path/make_dir/copy_file/move_file/delete_file) regardless of profile.

UMBRIEL_ALLOW

Comma-separated tool names or categories to additionally allow on top of the profile.

UMBRIEL_DENY

Comma-separated tool names or categories to deny, overriding the profile and UMBRIEL_ALLOW.

UMBRIEL_CURSOR

Set to 'never' to forbid the real-cursor fallback entirely (strictly cursor-free). By default clicks/drags are cursor-free but fall back to the real hardware cursor when no cursor-free path exists.

UMBRIEL_FS_ROOT

Sandbox root directory that the fs-category file tools (read_file/write_file/list_dir/stat_path/make_dir/copy_file/move_file/delete_file) are confined to when fs tools are enabled; open_path's path argument is honored too.

UMBRIEL_TRACE

File path to journal every mutating tool call as JSON Lines (tool, category, masked args, ok, observation); secret-bearing args and values are redacted. Unset = no trace.

UMBRIEL_AUDIT

Controls the default-on stderr audit of mutating tool calls. 'off' is the explicit opt-out (reported at startup); 'verbose' also audits reads.

UMBRIEL_REDACT

Credential masking (default on). 'off' opts out; a regex value overrides the built-in secret shapes masked in clipboard/env/registry reads and the trace journal.

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
10
installability
25
documentation
15
stability
10
Alternatives in Browser Automation
ai.smithery/ImRonAI-mcp-server-browserbase
ai.smithery/ImRonAI-mcp-server-browserbase

Automate cloud browsers to navigate websites, interact with elements, and extract structured data.…

ai.smithery/browserbasehq-mcp-browserbase
ai.smithery/browserbasehq-mcp-browserbase

Provides cloud browser automation capabilities using Stagehand and Browserbase, enabling LLMs to i…

DocWand
app.docwand/pdf

Sign, fill, merge and split PDFs entirely in your browser - files never leave your device.