mcp-chrome

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill is clearly meant for Chrome automation, but it gives AI broad access to your real Chrome profile, logged-in sessions, cookies, history, and browser actions without clear scoping or approval limits.

Install only if you trust the package, extension, and MCP clients. Prefer a separate Chrome profile with limited accounts, review every sensitive action, avoid using it on banking or admin sites, and disable the extension/bridge when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An AI client connected to this MCP server could act as you on websites where your Chrome profile is already logged in.

Why it was flagged

The skill explicitly reuses logged-in Chrome sessions and cookies, which function as delegated account access, but the artifacts do not bound which sites/accounts can be used or require approval before authenticated requests.

Skill content

Works with your existing Chrome browser and login sessions. ... `chrome_network_request` | Send HTTP requests with browser cookies

Recommendation

Use a separate Chrome profile or test account, avoid sensitive logged-in sessions, and require explicit confirmation before any authenticated or account-changing action.

What this means

Mistaken or malicious tool use could submit forms, change website data, trigger purchases or messages, or remove browser bookmarks.

Why it was flagged

The documented tool set can perform mutating browser actions such as submitting forms, clicking controls, typing, and deleting bookmarks; the skill does not describe safety checks, per-action confirmation, or rollback boundaries.

Skill content

`chrome_click_element` | Click elements via CSS selector ... `chrome_fill_or_select` | Fill forms and select options ... `chrome_bookmark_delete` | Delete bookmarks

Recommendation

Only use this with trusted agents, review proposed actions before execution, and avoid granting autonomous control on sensitive websites.

What this means

Another local MCP client could potentially view or act on the same browser state used by your current agent.

Why it was flagged

The skill supports multiple clients sharing one Chrome browser, but the artifacts do not describe client authentication, authorization, or isolation between clients that may access the same tabs, history, cookies, and browser state.

Skill content

Multiple AI clients can connect simultaneously: ... Any MCP-compatible client ... Each client gets its own session while sharing the same Chrome browser.

Recommendation

Connect only trusted MCP clients, avoid multi-client use for sensitive browsing, and shut down or disconnect the bridge when not actively needed.

What this means

You would be trusting external package and extension code with access to your browser automation environment.

Why it was flagged

The setup requires installing third-party native-bridge code and a Chrome extension, without a pinned version in the instructions and without the code included in this review artifact.

Skill content

npm install -g mcp-chrome-bridger ... Download from [GitHub Releases](https://github.com/femto/mcp-chrome/releases) ... Load unpacked

Recommendation

Verify the npm package and GitHub release, pin known-good versions where possible, and inspect permissions before loading the extension.

What this means

Browser automation access may remain available after the immediate task unless the bridge or extension is disabled.

Why it was flagged

The bridge registration and already-loaded extension imply a persistent browser-control integration, which is expected for this skill but should be managed carefully.

Skill content

mcp-chrome-bridger register ... Startup Time | Instant (extension already loaded)

Recommendation

Disable the Chrome extension or unregister/stop the bridge when you are done using the skill.