Blog.

Scout Browser: Give Claude a Browser in One Command

Cover Image for Scout Browser: Give Claude a Browser in One Command
Stephen Doherty
Stephen Doherty
7 min read

The Missing Sense

Claude can read your codebase, run your tests, write your commits, and argue with your linter. It can do everything a developer does — except open a browser. Ask it to check if your deployment actually works, scrape a table from a vendor portal, or log into a dashboard, and you hit a wall. The most capable coding assistant in the world cannot click a link.

Scout Browser fixes that. One command:

claude install stemado/scout-browser

That's it. Claude now has a browser. No API keys, no Docker containers, no YAML files longer than your arm. Just a plugin that gives Claude eyes, hands, and the good sense not to stare at screenshots all day.

Why Everything Else Is Doing It Wrong

There are other browser MCPs. A reasonable person might ask why another one exists. The answer is that the others have made a fundamental mistake, and it is the kind of mistake that is so obvious you almost can't see it.

They take screenshots.

Think about what happens when a screenshot-based tool wants to click a button. It captures an image of the entire page — about 124,000 tokens worth of visual data — feeds it to the model, and asks: "Where is the Login button?" The model squints at pixels, guesses at coordinates, and clicks somewhere in the general vicinity. If the page scrolls, it takes another screenshot. Another 124,000 tokens. The meter is running like a taxi in a traffic jam.

Scout reads the DOM. The actual page structure, the way you would if you opened DevTools. It finds every button, link, and input field. It generates a CSS selector for each one — a precise address, not a guess. The cost? About 200 tokens. Against 124,000.

This is not an incremental improvement. This is the difference between reading a map and photographing the entire countryside from a balloon.

The Websites Fight Back (And Lose)

Here is a fact that every other browser tool quietly hopes you won't notice: most of them don't work on real websites.

Playwright, Puppeteer, Selenium — they control browsers well enough. But modern websites have become quite good at spotting them. They check browser fingerprints. They watch timing patterns. They notice the mechanical precision that separates a bot from a person. Try to automate a login on any serious website with Playwright and you will meet a CAPTCHA wall before you finish typing your email.

Scout uses Botasaurus, which handles all of this. The fingerprinting, the human-like timing, the small touches that make a session look ordinary. Sites that block Playwright see a normal browser. This is not cleverness for its own sake. It is the practical reality that a tool which breaks on every other website is not a tool at all. It is a demo.

Your Password Is None of Claude's Business

Every browser MCP that handles logins faces the same question: who sees the credentials?

Most of them answer this question badly. The password appears in the conversation. It sits in the context window. It might end up in logs, in training data, in places you'd rather it didn't go. Some tools ask you to type your password directly into the chat. This is the digital equivalent of shouting your PIN across a crowded bank lobby.

Scout's fill_secret takes a different approach. Your credentials live in a .env file on your machine. When Claude needs to log in, it calls fill_secret with a key name. Scout reads the value server-side and types it into the form field. Claude never sees the password. The response it gets back is: "chars_typed": 22.

Twenty-two characters were typed. That is all Claude knows. That is all it needs to know.

You can scope credentials to specific domains, so your bank password physically cannot be typed into a phishing site. Captured network traffic gets scrubbed of sensitive fields automatically. The separation is total: Claude has the authority to act but not the knowledge to compromise.

It Feels Native

Other browser MCPs are tools you bolt onto Claude. Scout Browser is a plugin that becomes part of Claude.

Say "open a browser and check my deployment." You don't need to remember a tool name or a slash command. Scout's skill triggers automatically when you mention browsing, automating, or scouting a website. Claude just does it.

When you want more control, three slash commands are there:

  • /scout — Open a browser and get a structured report of any page
  • /scout:export-workflow — Turn your browsing session into a standalone Python script
  • /scout:schedule — Schedule that script to run on a timer, using your OS's native scheduler

The full arc is: walk through a task once with Claude, export it as a script, schedule it, and never think about it again. What was manual becomes automated through conversation. What was a conversation becomes a cron job.

Twenty Tools, Not Two

Some browser MCPs give you "navigate" and "screenshot." Scout exposes twenty tools through the Model Context Protocol:

Launch and manage browser sessions. Scout pages for their structure. Find specific elements with CSS selectors. Click, type, and select. Monitor network traffic to discover the APIs hiding behind web dashboards. Record video of browser sessions. Process downloads. Execute JavaScript directly. Handle iframes and shadow DOM, the dark corners of the web that simpler tools pretend don't exist.

Each tool does one thing and does it well. Together they cover the full surface of what you'd actually want to do in a browser, because they were built by someone who actually automates browsers, not someone who built a demo and called it a product.

The Security You Don't See

Scout has seven layers of security, and the best ones are the ones you never notice:

Web pages can contain text designed to hijack AI agents — hidden instructions that say "ignore your previous orders." Scout scans for these and warns Claude before the content reaches it. Every piece of web content comes wrapped in explicit boundary markers so Claude knows the difference between its instructions and someone else's words.

Session tokens are verified cryptographically. Navigation is restricted to approved domains unless you say otherwise. POST request bodies are automatically scrubbed of passwords and API keys. Audit logs capture every security event as structured JSON.

Seven locks on the door. Not because any one is perfect, but because security works by being several things at once.

Install It

claude install stemado/scout-browser

You need Chrome, Node.js, and Python 3.11 or higher. Scout checks for all three when it starts and tells you exactly what's missing.

The repository is on GitHub. MIT licensed. The plugin wraps the Scout MCP server, which is also open source.

If you are using Claude Code and you want it to browse the web, this is the tool. Not because it is new or because it is different, but because it does the obvious thing that the others somehow didn't: it reads the page, it keeps your secrets, and it doesn't get caught.

The best tools are the ones that make you wonder why you ever did it any other way.

Written with AI assistance. Ideas and direction: 100% human.

Share:

Comments

Get insights delivered

Join the newsletter to get system-level insights and organizational patterns in your inbox.

No spam. Unsubscribe anytime.