[BUG] MCP design-linter has systematic blind spot due to bot detection

Resolved 💬 2 comments Opened Jan 24, 2026 by Drewx-Design Closed Jan 24, 2026

Summary

The MCP design-linter tool returns 0 issues on sites that detect headless browsers (e.g., Reddit), while the Chrome extension correctly finds 500+ issues on the same sites. This creates a systematic blind spot in accuracy testing.

Evidence

| Metric | MCP/CLI (Puppeteer) | Chrome Extension |
|--------|---------------------|------------------|
| old.reddit.com issues | 0 | 500 (123 errors, 377 warnings) |
| Execution time | 6-7ms | Normal |
| Browser type | Headless Puppeteer | Real Chrome |

The 6-7ms execution time is a red flag - it indicates the linter found no elements to analyze because Reddit served different content to the headless browser.

Root Cause

The MCP design-linter uses Puppeteer with minimal stealth configuration:

// browser.js
const chromeArgs = [
    `--disable-extensions-except=${extensionPath}`,
    `--load-extension=${extensionPath}`,
    '--disable-dev-shm-usage',
    '--disable-gpu',
];

await puppeteer.launch({
    headless: true,  // Easily detectable
    // No user-agent spoofing
    // No stealth plugins
});

Reddit (and likely other sites) detect the headless browser and serve:

  • A minimal/empty page
  • A redirect to login/captcha
  • An interstitial blocking page

Impact

  • Accuracy testing is unreliable for sites with bot detection
  • False negatives in the "baseline-messy" category (Old Reddit shows 0 issues when it should show hundreds)
  • Ground truth mismatch between MCP tool and Chrome extension

Recommended Fixes

Option 1: Add puppeteer-extra with stealth plugin (Recommended)

import puppeteer from 'puppeteer-extra';
import StealthPlugin from 'puppeteer-extra-plugin-stealth';

puppeteer.use(StealthPlugin());

Option 2: Use new headless mode

await puppeteer.launch({
    headless: 'new',  // Chrome's new headless mode is harder to detect
});

Option 3: Add user-agent spoofing

await page.setUserAgent('Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36...');

Option 4: Hybrid approach

  • Detect when headless analysis returns suspiciously fast (< 100ms)
  • Flag sites as "potentially blocked"
  • Fall back to extension-based analysis for these sites

Affected Sites in Corpus

From accuracy testing run on 2026-01-24:

  • old.reddit.com - 0 issues (expected: high)
  • Possibly others that returned suspiciously low counts

Acceptance Criteria

  • [ ] MCP design-linter bypasses common bot detection
  • [ ] Old Reddit returns similar issue count to Chrome extension
  • [ ] Accuracy testing includes "bot detection bypass" verification
  • [ ] Sites that block headless browsers are flagged in reports

Labels

bug, accuracy, mcp, puppeteer

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗