Luke Chrome Devtools Mcp

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Chrome DevTools MCP integration with powerful browser-control abilities, but the artifacts are coherent and do not show hidden, destructive, or purpose-mismatched behavior.

Install only if you want an agent to control and inspect Chrome. Prefer a fresh or disposable browser profile, avoid sensitive logged-in sessions unless that is explicitly intended, review actions before form submissions or file uploads, and use the documented privacy flags to disable usage statistics and CrUX-related behavior when appropriate.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, capture=True, timeout=30):
    try:
        r = subprocess.run(cmd, shell=True, capture_output=capture, text=True, timeout=timeout)
        return r.returncode, r.stdout.strip() if capture else "", r.stderr.strip() if capture else ""
    except subprocess.TimeoutExpired:
        return 1, "", "timeout"
Confidence
95% confidence
Finding
r = subprocess.run(cmd, shell=True, capture_output=capture, text=True, timeout=timeout)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exposes shell-capable setup and launch commands (`npx`, `python3`) but declares no permissions or trust boundaries. That mismatch can cause an agent or user to invoke local command execution without realizing the skill requires code execution and local environment access.

Vague Triggers

Medium
Confidence
77% confidence
Finding
The invocation language is very broad and covers generic browsing, testing, debugging, form filling, screenshots, and inspection tasks. In an agent setting, this can cause over-triggering for routine web requests and grant powerful browser-control capabilities in contexts where the user did not clearly consent to active interaction with pages, sessions, or data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The documentation advertises full browser control, network inspection, screenshots, console access, file upload, and script evaluation without an upfront warning about access to active sessions, page content, tokens, and other sensitive user data. In context, this skill is especially sensitive because browser DevTools capabilities can observe and manipulate authenticated pages and exfiltrate sensitive information if misused.

VirusTotal

64/64 vendors flagged this skill as clean.
