Project ideas from Hacker News discussions.

Chrome DevTools MCP (2025)

📝 Discussion Summary

1. Security & Prompt‑Injection Risks
Users repeatedly warn that connecting an LLM to an open Chrome session gives the model “unlimited access” to the user’s data.

“On one hand, cool demo, on the other, this is horrifying… you’re literally one prompt injection away from someone having unlimited access to all of your everything.” – Etheryte
“Separate profiles won’t save you from that, but there are other approaches.” – mh-

2. Token‑Cost & Context Bloat of MCP
The community is split over the “MCP‑vs‑CLI” debate, with many pointing out that MCP servers inflate the prompt with thousands of tool definitions.

“MCP is extremely token heavy… I’ve been using the DevTools MCP for months now, but it’s extremely token heavy.” – rossvc
“Tool Search fixes this with per‑tool lazy loading… 85 % token reduction.” – flash_us0101

3. Preference for Direct CLI / Playwright over MCP
A large portion of the discussion favors lightweight, headless CLI tools (Playwright, agent‑browser, bb‑browser) for their speed, token efficiency, and easier setup.

“I use Playwright to intercept all requests… it creates a detailed strongly‑typed API.” – dataviz1000
“Playwright CLI is more token‑efficient than MCP.” – torn

4. Ethical / Legal Concerns Around Scraping & ToS Violations
Several comments caution that automating browsers to scrape or reverse‑engineer sites can break terms of service and raise privacy issues.

“It breaks everyone’s terms of service. I would not recommend nor encourage using.” – dataviz1000
“You can just start claude with the --chrome flag… it will connect to the chrome extension.” – thefreeman (implied risk of bypassing protections)

These four themes capture the core concerns and preferences that dominate the discussion.


🚀 Project Ideas

SecureAgent Browser

Summary

  • A sandboxed, container‑based browser automation framework that isolates agent credentials and limits prompt‑injection attack surface.
  • Provides a CLI and a minimal MCP‑style API that automatically scopes actions to a per‑user credential vault and enforces a whitelist of allowed domains and actions.

Details

Target Audience: Developers building LLM‑powered agents that need to interact with web services (e.g., music libraries, data scraping).
Core Feature: Secure, per‑session browser instance with credential vault, policy engine, and token‑efficient command set.
Tech Stack: Docker, Playwright, Rust/Go CLI, JSON‑based policy files, Vault/Key‑Management Service integration.
Difficulty: Medium
Monetization: Revenue‑ready (subscription + enterprise licensing)

Notes

  • HN users lament being “one prompt injection away from unlimited access” (Etheryte) and note that “separate profiles won’t save you from that” (mh-). This tool gives a hard boundary.
  • The policy engine can auto‑reject any command that tries to access disallowed URLs or credentials, addressing the “prompt injection” fear.
  • The CLI can be used in CI/CD pipelines, making it attractive for dev‑ops teams.
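As an added illustration of the policy engine described in these notes (example code written for this page, not code from the SecureAgent Browser idea or from any existing project), the Go program below loads a JSON policy of a hypothetical shape, allowlists actions, schemes and hosts, scopes each vault credential to a single host, and applies the URL normalisation checks that a naive substring match on the URL would miss. The policy field names, the sample policy and the `music.example.com` hosts are all constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Policy is the JSON policy-file shape assumed for this example (a hypothetical
// format; the page mentions "JSON-based policy files" but defines none).
type Policy struct {
	AllowedSchemes []string          `json:"allowed_schemes"`
	AllowedDomains []string          `json:"allowed_domains"` // host, or "*.x.com" for subdomains only
	AllowedActions []string          `json:"allowed_actions"`
	Credentials    map[string]string `json:"credentials"` // vault entry -> the one host it may go to
}

// SamplePolicy is a constructed policy used by main and the tests.
const SamplePolicy = `{
  "allowed_schemes": ["https"],
  "allowed_domains": ["music.example.com", "*.api.example.com"],
  "allowed_actions": ["navigate", "click", "read_text"],
  "credentials": {"music_session": "music.example.com"}
}`

func LoadPolicy(raw []byte) (*Policy, error) {
	var p Policy
	if err := json.Unmarshal(raw, &p); err != nil {
		return nil, err
	}
	return &p, nil
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// hostAllowed matches a lowercased host; "*.api.example.com" matches "v1.api.example.com" only.
func (p *Policy) hostAllowed(host string) bool {
	for _, d := range p.AllowedDomains {
		d = strings.ToLower(d)
		if (strings.HasPrefix(d, "*.") && strings.HasSuffix(host, d[1:])) || host == d {
			return true
		}
	}
	return false
}

// Check returns nil when an agent command may run, otherwise why it was rejected.
// It covers what a substring match misses: scheme, userinfo, IP literals, case, trailing dots, ports.
func (p *Policy) Check(action, rawURL, credential string) error {
	if !contains(p.AllowedActions, action) {
		return fmt.Errorf("action %q not in allowlist", action)
	}
	if rawURL == "" && credential == "" {
		return nil // e.g. read_text on the page already open
	}
	u, err := url.Parse(rawURL)
	if err != nil {
		return err
	}
	if !contains(p.AllowedSchemes, strings.ToLower(u.Scheme)) {
		return fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	// "https://music.example.com@evil.test/" names an allowed host in the userinfo
	// part but connects to evil.test; refuse userinfo outright.
	if u.User != nil {
		return fmt.Errorf("userinfo in URL is not allowed")
	}
	host := strings.TrimSuffix(strings.ToLower(u.Hostname()), ".")
	if host == "" || net.ParseIP(host) != nil { // name-based list: no IP literals
		return fmt.Errorf("host %q rejected", host)
	}
	if !p.hostAllowed(host) {
		return fmt.Errorf("host %q not in allowlist", host)
	}
	if credential != "" {
		if scope, ok := p.Credentials[credential]; !ok || !strings.EqualFold(scope, host) {
			return fmt.Errorf("credential %q may not be sent to %s", credential, host)
		}
	}
	return nil
}

func main() {
	p, err := LoadPolicy([]byte(SamplePolicy))
	if err != nil {
		panic(err)
	}
	fmt.Println(p.Check("navigate", "https://music.example.com/library", ""))
	fmt.Println(p.Check("click", "https://v1.api.example.com/", "music_session"))
}
```

The domain allowlist bounds where an injected instruction can send the agent and the credential scope bounds what it can carry there, but content served by an allowed site can still steer the model, so this policy layer complements rather than replaces the per-session isolation and credential vault the idea describes.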

TokenLite Browser

Summary

  • A lightweight browser automation CLI that captures only the minimal DOM fragments and network payloads needed for an LLM, drastically reducing token usage.
  • Includes a built‑in summarizer that extracts relevant fields before sending to the model.

Details

Target Audience: LLM users who hit token limits with MCP or Playwright (e.g., Codex, Claude).
Core Feature: Selective data extraction, on‑the‑fly summarization, and a “focus” mode that limits context to user‑specified selectors or URLs.
Tech Stack: Node.js, Playwright, OpenAI/Claude summarization API, JSON schema for output.
Difficulty: Low
Monetization: Hobby

Notes

  • Addresses the “token heavy” complaint from rossvc and nerdsniper: “MCP is extremely token heavy.”
  • By sending only the necessary snippets, users can keep the same level of automation while staying within token budgets.
  • The summarizer can be swapped out for any LLM, making it future‑proof.

AgentAPI Spec

Summary

  • A web‑standard (agents.json) that lets site owners declare machine‑readable interaction layers: available actions, auth flows, and response schemas.
  • Comes with a browser extension that automatically discovers and exposes these APIs to LLM agents, eliminating the need for DOM scraping.

Details

Target Audience: Website owners, API developers, and LLM agents that need reliable, token‑efficient interactions.
Core Feature: Declarative action definitions, OAuth2 flow templates, and a runtime that maps LLM calls to HTTP endpoints.
Tech Stack: JSON Schema, TypeScript, WebExtension API, OAuth2 libraries.
Difficulty: Medium
Monetization: Revenue‑ready (freemium + enterprise support)

Notes

  • Directly tackles the “need for a standard for websites to expose a machine‑readable interaction layer” (paseante).
  • By moving interaction logic out of the DOM, agents avoid the “flaky selectors” and “token waste” issues raised by many commenters.
  • The spec can be adopted by major platforms (e.g., YouTube, Spotify) to provide a clean API for agents, improving user experience and security.
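As an added example of the runtime that maps LLM calls to HTTP endpoints (written for this page; agents.json has no published schema, so the manifest fields, the `api.example.test` service and the action names are all assumptions, and the OAuth2 flow templates the idea mentions are left out), the Go program below parses a constructed agents.json and turns a tool call into an `http.Request`, accepting only declared actions and arguments, enforcing declared types, and path-escaping path parameters.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Manifest is the agents.json shape assumed for this example (hypothetical: the page names the idea but defines no schema).
type Manifest struct {
	BaseURL string            `json:"base_url"`
	Actions map[string]Action `json:"actions"`
}

// Action declares one endpoint. Params maps argument name to "string" or
// "integer"; a name that appears as {name} in Path is a required path segment.
type Action struct {
	Method string            `json:"method"`
	Path   string            `json:"path"`
	Params map[string]string `json:"params"`
}

// SampleManifest is a constructed agents.json for a fictional music service.
const SampleManifest = `{
  "base_url": "https://api.example.test",
  "actions": {
    "search_tracks": {"method": "GET", "path": "/v1/tracks",
                      "params": {"q": "string", "limit": "integer"}},
    "get_playlist":  {"method": "GET", "path": "/v1/playlists/{id}",
                      "params": {"id": "string"}}
  }
}`

func ParseManifest(raw []byte) (m *Manifest, err error) {
	err = json.Unmarshal(raw, &m)
	return m, err
}

// coerce renders a decoded JSON argument as text, enforcing the declared type (JSON numbers arrive as float64).
func coerce(v any, typ string) (string, error) {
	switch typ {
	case "string":
		if s, ok := v.(string); ok {
			return s, nil
		}
	case "integer":
		if f, ok := v.(float64); ok && f == float64(int64(f)) {
			return fmt.Sprintf("%d", int64(f)), nil
		}
	}
	return "", fmt.Errorf("expected %s, got %T", typ, v)
}

// BuildRequest maps an agent tool call onto the declared endpoint: the agent chooses a declared
// action and arguments, never a URL, method or header, and path values are escaped so "../" cannot alter the route.
func (m *Manifest) BuildRequest(action string, args map[string]any) (*http.Request, error) {
	a, ok := m.Actions[action]
	if !ok {
		return nil, fmt.Errorf("unknown action %q", action)
	}
	path, query := a.Path, url.Values{}
	for name, v := range args {
		typ, declared := a.Params[name]
		if !declared {
			return nil, fmt.Errorf("undeclared argument %q", name)
		}
		s, err := coerce(v, typ)
		if err != nil {
			return nil, fmt.Errorf("argument %q: %w", name, err)
		}
		if ph := "{" + name + "}"; strings.Contains(path, ph) {
			path = strings.ReplaceAll(path, ph, url.PathEscape(s))
		} else {
			query.Set(name, s)
		}
	}
	if strings.Contains(path, "{") {
		return nil, fmt.Errorf("missing path parameter in %q", path)
	}
	full := strings.TrimSuffix(m.BaseURL, "/") + path
	if len(query) > 0 {
		full += "?" + query.Encode()
	}
	return http.NewRequest(a.Method, full, nil)
}

func main() {
	m, err := ParseManifest([]byte(SampleManifest))
	if err != nil {
		panic(err)
	}
	req, err := m.BuildRequest("get_playlist", map[string]any{"id": "../admin"})
	if err != nil {
		panic(err)
	}
	fmt.Println(req.Method, req.URL) // GET https://api.example.test/v1/playlists/..%2Fadmin
}
```

The point of the manifest is that the agent never composes a URL itself: everything it can influence is validated against the site owner's declaration before a request exists, which removes both the flaky-selector problem and a class of injection-driven misuse in one step.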
