Back to MCP Servers

Nab

Ultra-fast web fetcher and MCP server with HTTP/3, JS rendering, anti-fingerprinting, browser cookie auth, and 1Password integration. Fetches any URL as clean Markdown for AI context.

search-data-extractionbrowserai
By MikkoParkkola
6Updated todayRustMIT

Installation

npx -y nab

Configuration

{
  "mcpServers": {
    "nab": {
      "command": "npx",
      "args": ["-y", "nab"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes

nab

CI Crates.io Downloads docs.rs Rust License: MIT + PolyForm NC MCP Protocol nab MCP server Install in VS Code Install in Cursor

Token-optimized web fetcher + multilingual ASR + URL watcher. MCP 2025-11-25 compliant. Rust. macOS arm64 first, cross-platform.

demo

nab is a single Rust binary that does three things very well: it fetches any URL as clean markdown (with your real browser cookies and anti-bot evasion), it analyzes any audio or video file with on-device multilingual ASR and speaker diarization, and it watches any URL for changes and pushes notifications when content moves. Everything runs locally. There are no API keys to set up by default. The output is shaped for LLM context windows.

Why nab

  • Token-lean by design. nab returns only what an LLM actually needs — clean markdown, BM25-lite query-focused extraction, and structure-aware token budgets — cutting the token cost of web research instead of dumping raw HTML into your context window.
  • Multimodal, fully on-device. Transcribe and diarize any audio or video (FluidAudio / Parakeet TDT v3 on the Apple Neural Engine — 131× realtime on a 2-hour clip, 25 EU languages, word-level timestamps, optional Qwen3-ASR for zh/ja/ko/vi) and OCR images via Apple Vision (15 languages, ~10–50 ms). No cloud, no API keys.
  • Authenticated reach. Real browser cookies, 1Password auto-login with TOTP/MFA, WebAuthn passkeys, fingerprint spoofing and WAF evasion — reach internal dashboards, SaaS apps, and paywalled research with the same command as a public URL.
  • Watch the web. Subscribe to any URL via MCP resources — conditional GETs, semantic diff, adaptive backoff. RSS for the entire web.
  • Prompt-injection defense, on by default. Hidden instructions addressed to your AI are surfaced to you, not silently executed by your model — see Security.

Everything is a single local Rust binary. No cloud backend, no API keys by default, output shaped for LLM context windows.

Quick start

Tell your AI assistant (recommended):

Read https://github.com/MikkoParkkola/nab and install nab as my web fetching and audio analysis MCP server

Your agent will install the binary, wire itself up, and start fetching. Works in Claude Code, Cursor, Windsurf, and any AI with terminal access.

Or install and try manually:

brew install MikkoParkkola/tap/nab                            # install
nab fetch https://news.ycombinator.com                        # fetch as markdown
nab models fetch fluidaudio                                   # download ASR model
nab analyze interview.mp4 --diarize                           # transcribe + identify speakers
nab watch add https://status.openai.com --interval 5m         # subscribe to changes

Features

CommandWhat it does
nab fetch <url>Fetch any URL as clean markdown. HTTP/3, browser cookie injection (Brave / Chrome / Firefox / Safari / Edge / Dia), 1Password auto-login, fingerprint spoofing, fetch-time YARA-X redaction for prompt-injection/exfil signatures, 12 site providers. MCP fetch also supports query-focused extraction, readability, and token budgets.
nab browser <url>Explicit opt-in browser rendering for JS-heavy pages through a configured Chrome DevTools Protocol WebSocket endpoint. No Chromium is bundled and default nab fetch never auto-launches a browser or remote provider.
nab analyze <video|audio>Transcribe and diarize. FluidAudio (Parakeet TDT v3) on Apple Neural Engine, 131x realtime on a 2-hour clip, word-level timestamps, 25 EU languages, optional Qwen3-ASR for zh/ja/ko/vi, optional active reading via MCP sampling.
nab watch add <url>Monitor a URL and push notifications via subscribable MCP resources. RSS for the entire web. Conditional GETs, semantic diff, adaptive backoff.
nab models fetch <name>Persistent install of inference model binaries. Supports fluidaudio (default on macOS Apple Silicon), sherpa-onnx (cross-platform Parakeet TDT, ~30× realtime CPU), and whisper (universal fallback, whisper-large-v3-turbo, 99 langs).
nab-mcpMCP 2025-11-25 server. stdio + Streamable HTTP. 12 tools, 4 prompts, 2+N resources, structured logging, sampling, roots, elicitation.
nab::content::ocrApple Vision OCR engine. 15 languages. Apple Neural Engine accelerated. ~10-50 ms per image. macOS only.

Security: prompt-injection defense

Web pages increasingly carry instructions written for the AI, not for you — concealed in HTML comments, display:none / aria-hidden text, data-ai / data-mcp / data-agent attribute payloads, or WebMCP manifests. Fetch such a page with a naive tool and those hidden instructions land straight in your model's context, where they can be acted on. This is the prompt-injection-as-phishing class of attack.

nab treats every fetched page as hostile input and runs two local, non-networked guards before any content reaches your agent — on by default, no flag, no setup:

  • Secure Ingestion guard — detects and strips machine-targeted markup that is invisible to humans (AI-addressed comments, hidden display:none / aria-hidden text, agent-only data-* payloads, WebMCP advertisements) and reports each detection at Info / Warn / Block severity, so you see what a page tried to tell your agent instead of it being silently executed.
  • YARA-X signature guard — scans every returned body for prompt-injection, exfiltration, secret-leak, and obfuscation signatures, redacting matched sections by default. Set NAB_YARA_ACTION=refuse to block the fetch outright (or NAB_YARA_BYPASS=1 as an audited emergency opt-out).

The net effect: hidden instructions become visible to you, not executed by your model — a strong reason to point your agent at nab fetch instead of a built-in web-fetch tool.

Licensing: both guards are Enterprise Edition modules — free for personal and non-commercial use under PolyForm Noncommercial 1.0.0; commercial / business use requires a commercial license (see COMMERCIAL.md and the License section).

Installation

Homebrew (macOS, recommended)

brew tap MikkoParkkola/tap
brew install nab

Pre-built binary (no Rust toolchain required)

Most users want this path — these are ready-to-run binaries; nothing is compiled on your machine.

If you have cargo-binstall, it fetches the right pre-built binary automatically:

cargo binstall nab

Otherwise download directly from GitHub Releases. Both the nab CLI and the nab-mcp server ship for every platform below, alongside checksums-sha256.txt:

PlatformCLI binaryMCP server binary
macOS Apple Siliconnab-aarch64-apple-darwinnab-mcp-aarch64-apple-darwin
macOS Intelnab-x86_64-apple-darwinnab-mcp-x86_64-apple-darwin
Linux x86_64 (glibc)nab-x86_64-unknown-linux-gnunab-mcp-x86_64-unknown-linux-gnu
Linux x86_64 (static musl)nab-x86_64-unknown-linux-muslnab-mcp-x86_64-unknown-linux-musl
Linux ARM64 (glibc)nab-aarch64-unknown-linux-gnunab-mcp-aarch64-unknown-linux-gnu
Linux ARM64 (static musl)nab-aarch64-unknown-linux-muslnab-mcp-aarch64-unknown-linux-musl
Windows x64nab-x86_64-pc-windows-msvc.exenab-mcp-x86_64-pc-windows-msvc.exe

Example install for macOS Apple Silicon (substitute the filename for your platform):

shasum -a 256 -c checksums-sha256.txt --ignore-missing
chmod +x nab-aarch64-apple-darwin
mv nab-aarch64-apple-darwin /usr/local/bin/nab
xattr -d com.apple.quarantine /usr/local/bin/nab 2>/dev/null || true

From crates.io (compiles from source)

Builds nab locally — requires the Rust toolchain (1.95 or newer) and takes a few minutes:

cargo install nab

From source

git clone https://github.com/MikkoParkkola/nab.git
cd nab
cargo install --path .

Avoiding duplicate installs

If you install nab through more than one channel (for example a Homebrew tap and cargo install), the copy that wins depends on PATH order. On many setups /opt/homebrew/bin comes before ~/.cargo/bin, so a Homebrew binary can shadow a newer cargo-installed one — and nab --version then reports the older version.

Run the built-in diagnostic to see every nab on your PATH, which one wins, and their versions:

nab doctor

If the binary on your PATH is the stale one, its doctor may predate this command; invoke the newer install by full path to diagnose, e.g. ~/.cargo/bin/nab doctor. To resolve, keep a single install channel (brew uninstall nab or cargo uninstall nab), or reorder PATH so the directory of the install you want comes first.

MCP Configuration

Add to your MCP client config (Claude Desktop, Cursor, Windsurf, etc.):

{
  "mcpServers": {
    "nab": {
      "command": "nab-mcp"
    }
  }
}

Or use the auto-installer:

nab mcp install                        # Claude Desktop (default)
nab mcp install --client claude-code   # Claude Code
nab mcp install --client cursor        # Cursor
nab mcp install --client windsurf      # Windsurf
nab mcp install --client codex         # OpenAI Codex CLI
nab mcp install --client vscode        # VS Code Copilot
nab mcp install --client zed           # Zed
nab mcp install --dry-run              # preview without writing

Also supported: gemini, amazon-q, lm-studio.

See MCP integration below for the full list of tools, capabilities, and HTTP transport.

Claude Code plugin

This repository includes a local Claude Code plugin in plugin/. It bundles nab MCP auto-registration with the Claude Elite research, url-insight, wayback, ia, and oreilly skills.

claude --plugin-dir ./plugin

The plugin exposes the /nab workflow shape for fetch, authenticated Brave-cookie fetches, archive retrieval, and multi-source research. It keeps nab's auth-aware path front and center: nab fetch --cookies brave <url> for existing browser sessions and nab fetch --1password <url> for 1Password/TOTP flows.

Usage

Fetch

# Basic fetch — auto-detects browser, returns markdown
nab fetch https://example.com

# Use cookies from a specific browser
nab fetch https://github.com/notifications --cookies brave

# 1Password auto-login (TOTP/MFA supported)
nab fetch https://internal.company.com --1password

# Google Workspace (Docs, Sheets, Slides) with comments
nab fetch --cooki

…
View source on GitHub