Cross-device MCP browser command routing — UX concern + feature feedback
Summary
While setting up Claude Code on a second PC, I discovered that MCP browser control commands (via the Claude in Chrome extension) were executing on a different PC's Chrome browser rather than the local one. Commands were cloud-routed through the shared Claude account — no direct network connection between the machines.
This was initially confusing and has security/UX implications: a user could unknowingly execute commands on the wrong machine's browser with no warning.
After investigation, the behavior turned out to be fully functional and repeatable. I'm reporting this as both a UX concern and positive feature feedback.
Environment
- Two Windows PCs on the same network, both signed into the same Claude account
- Both have Claude Desktop + Claude in Chrome extension installed
- Native messaging host
com.anthropic.claude_browser_extensionregistered on both - Claude Code running on PC-A successfully controlled Chrome on PC-B
What happened
- Ran Claude Code on PC-A (laptop) — MCP browser commands silently routed to PC-B (workstation)
- After a reboot on Day 2, both PCs prompted for browser naming — suggesting some awareness of multi-device scenarios
- The
switch_browsertool allowed targeting either browser by name - All standard browser MCP tools worked across the remote connection (tabs, navigation, DOM reading, JS execution, screenshots, clicks, scrolling, form input, network/console reads) — 14/15 passed, with only
file_uploadfailing as expected (no cross-machine filesystem access)
UX/Security concern
There is no indication to the user that commands are routing to a remote machine. I spent time debugging "why isn't my local browser responding?" before realizing the commands were hitting a different PC entirely.
Additionally, the Claude account settings page (Account > Active sessions) shows all connected devices/browsers, confirming the backend tracks these sessions — but there is no user-facing mechanism to direct MCP commands to a specific session beyond the switch_browser tool.
At minimum, a warning or confirmation when commands route cross-device would prevent confusion — and prevent unintended actions on the wrong machine.
Feature feedback
The cross-device capability is actually very useful once intentional. We used it to build and publish a full CMS page from a laptop while the browser work happened on a workstation with no physical interaction. Concrete suggestions if this becomes a formal feature:
- Connection status — a tool to list connected browsers/devices and which is active
- Explicit device targeting —
device_idorbrowser_nameparameter on browser MCP tools - Opt-in authorization — users should knowingly grant cross-device access
Happy to provide more detail if helpful.
— Rhese Hoylman, GTIN Managed IT (The Woodlands, TX)
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗