Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Xiaopi Chrome Devtools
v1.0.0Uses Chrome DevTools via MCP for efficient debugging, troubleshooting and browser automation. Use when debugging web pages, automating browser interactions,...
⭐ 0· 45·1 current·1 all-time
byAdin@a-din
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes using chrome-devtools-mcp to control Chrome and skill.json invokes `npx chrome-devtools-mcp@latest` with Chrome args. The requested capabilities align with the stated purpose of browser debugging/automation.
Instruction Scope
Instructions reference a 'persistent Chrome profile' (which can expose cookies, history, local storage) and recommend writing large outputs to file paths. The SKILL.md does not request credentials, but operating on a persistent profile means the tool may access sensitive browser data. The runtime guidance to use filePath for large outputs implies the agent will write/read files from disk.
Install Mechanism
skill.json executes `npx -y chrome-devtools-mcp@latest`, which downloads and runs the latest package from the npm registry at runtime. Running dynamically fetched code is a moderate-to-high risk compared with a pinned, reviewed release. Additionally, the provided Chrome args include `--no-sandbox` and `--disable-setuid-sandbox`, which reduce process isolation and increase attack surface.
Credentials
The skill declares no required environment variables or external credentials (good). However, the use of a persistent Chrome profile effectively grants the skill access to browser-stored secrets (cookies, sessions), which is not reflected in the declared requirements and should be considered sensitive.
Persistence & Privilege
The skill does not request always: true and is user-invocable (normal). It will execute remote code via npx and may write package artifacts and profile data to disk; autonomous invocation is allowed by default, which increases blast radius when combined with npx/@latest and sandbox disablement.
What to consider before installing
This skill appears to do what it says (drive Chrome via MCP) but has a few red flags you should weigh before installing:
- It runs `npx chrome-devtools-mcp@latest` at runtime. That fetches and executes the latest code from npm each time — prefer pinned, reviewed package versions and inspect the package source before running.
- It launches Chrome with sandboxing disabled (`--no-sandbox`, `--disable-setuid-sandbox`), which weakens process isolation. Run this only in an isolated environment (container, VM) you control.
- It uses a 'persistent Chrome profile', which can grant access to cookies, sessions, history, and other sensitive browser data. Confirm whether the skill will use an isolated profile or your default profile.
- Owner/metadata mismatch: the top-level registry ownerId differs from _meta.json ownerId; that can indicate repackaging or inconsistent metadata — verify the publisher identity and source repository.
Recommendations before installing:
- Ask the publisher for the package repository and a pinned version (not `@latest`) and review the package contents.
- Run the skill in an isolated environment (temporary Chrome profile, container/VM) rather than on a machine with sensitive browser data.
- Prefer a release hosted on a known repository or pinned to a specific commit/release.
- If you cannot validate the npm package or publisher, do not install on hosts with sensitive data or credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk973zv533bq4819ntyp2bqz17s83rvq4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.