Luke Chrome Devtools Mcp
v1.0.0Chrome DevTools MCP — Google's official browser automation and testing server. Control Chrome via Puppeteer through MCP protocol: click, fill forms, navigate...
⭐ 1· 253·0 current·0 all-time
by@banalit
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, and the included Python helper all align: they install/run chrome-devtools-mcp via npx, check for Node/npx/Chrome, and provide an openclaw.json snippet. Requested resources (Node, Chrome) are appropriate for the stated purpose.
Instruction Scope
Runtime instructions and the setup script perform expected actions (run npx, check Chrome paths, read ~/.openclaw/openclaw.json for status). The script uses subprocess.run with shell=True for a few static commands — expected here but worth noting because shell execution can be sensitive if commands were constructed from untrusted input (they are static in this bundle).
Install Mechanism
No install spec is provided; SKILL.md and the script instruct use of npx -y chrome-devtools-mcp@latest. Using npx@latest will fetch and execute code from the npm registry at runtime — this is normal for Node tools but increases runtime exposure to remote code changes. Consider pinning a version or installing from a reviewed release if you need stronger guarantees.
Credentials
The skill does not request any environment variables or secrets. It reads a local openclaw.json path (~/ .openclaw/openclaw.json) for status checks, which is appropriate for integration and is declared in the script output only.
Persistence & Privilege
always is false and the skill is user-invocable. The bundle does not modify other skills or system-wide settings, and it does not persist credentials or write configuration files automatically — it only prints a suggested openclaw.json snippet.
Assessment
This skill appears coherent for running Chrome DevTools MCP, but take these precautions before installing: 1) npx -y ...@latest downloads and runs the latest npm package — pin to a specific version (chrome-devtools-mcp@x.y.z) if you want reproducible, reviewable code. 2) Run the MCP server in an isolated environment (container/VM) because it launches a browser that can load arbitrary webpages and may expose session data. 3) The setup script uses shell execution (subprocess with shell=True) for static commands; review any changes before running and avoid modifying it to include user-provided input. 4) Disable telemetry and CrUX tracing as suggested if you will handle sensitive pages. 5) Verify the upstream repo/package maintainer and checksums if you require stronger supply-chain guarantees.Like a lobster shell, security has layers — review code before you run it.
latestvk979yg85j788nr2ayspsq6cmw982wvbt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🌐 Clawdis