Browser Automation
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a coherent Chrome automation skill, but it gives an external MCP bridge and Chrome extension broad control over your logged-in browser, cookies, history, and bookmarks without clear limits.
Install only if you are comfortable giving an AI-connected bridge control over your live Chrome browser. Prefer a separate Chrome profile with non-sensitive accounts, verify the npm package and Chrome extension source, connect only trusted MCP clients, and require manual approval for any logged-in or state-changing browser action.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could act as you on websites where you are already logged in, including making authenticated requests.
The skill explicitly uses the user's existing logged-in browser state and cookies as authentication material, but does not bound which sites, accounts, or requests the agent may use.
Works with your existing Chrome browser and login sessions. ... `chrome_network_request` | Send HTTP requests with browser cookies
Use a separate Chrome profile or test account, and require explicit approval before any authenticated, financial, administrative, or account-changing action.
A mistake, malicious webpage instruction, or overly broad user request could lead to unintended form submissions, account actions, bookmark changes, or authenticated requests.
The documented tool set includes broad browser interaction and mutation authority, including form submission paths, bookmark deletion, and raw authenticated HTTP requests, without stated approval gates.
`chrome_click_element` | Click elements via CSS selector ... `chrome_fill_or_select` | Fill forms and select options ... `chrome_bookmark_delete` | Delete bookmarks ... `chrome_network_request` | Send HTTP requests with browser cookies
Limit use to clearly scoped tasks and require confirmation for submissions, deletions, purchases, account changes, or any request using browser cookies.
If the external package or extension is compromised or differs from expectations, it would receive high-value browser access.
The skill depends on external executable components, including a global npm package and a manually loaded Chrome extension, with no pinned version or code included in the submitted artifacts for review.
npm install -g mcp-chrome-bridger ... Download from [GitHub Releases](https://github.com/femto/mcp-chrome/releases) ... `mcp-chrome-extension-vX.X.X.zip`
Verify the package and extension source, pin exact versions or hashes where possible, review requested extension permissions, and avoid installing from untrusted mirrors.
More than one AI client may be able to view or act through the same browser context, increasing the chance that sensitive page data or session authority is exposed to an unintended client.
The documentation describes multiple MCP clients sharing the same live Chrome browser, but does not explain authentication, client trust boundaries, or isolation of tabs, cookies, history, and actions.
Multiple AI clients can connect simultaneously: ... Any MCP-compatible client ... Each client gets its own session while sharing the same Chrome browser.
Connect only trusted clients, avoid sharing the MCP endpoint broadly, and prefer a dedicated Chrome profile for automation.
Your browsing history and open tab contents may be exposed to the AI workflow when you ask it to search or analyze browser data.
The skill can retrieve sensitive browser context such as open tab contents and browsing history. This is aligned with the browser automation purpose, but users should recognize the privacy sensitivity.
`search_tabs_content` | AI-powered semantic search across tabs ... `chrome_history` | Search browsing history
Avoid using this skill with sensitive tabs or history, and use a separate browser profile if privacy matters.
The MCP client may start local bridge code on your machine to connect AI tools to Chrome.
The STDIO configuration launches a local npm command as an MCP server. This is disclosed and central to the integration, but it means local code runs when configured.
"command": "npx", "args": ["mcp-chrome-bridger", "stdio"]
Use only trusted MCP clients and packages, and remove the configuration when you no longer need browser automation.
