Chrome DevTools Web Research
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The skill’s web-research purpose is coherent, but it asks for broad access to a logged-in Chrome session and proactive browser control without clear site or action boundaries.
Use this only if you are comfortable giving the agent control over a Chrome profile. For safety, use a dedicated browser profile with minimal logins, close unrelated private tabs, restrict the allowed sites in your request, require confirmation before any non-read-only action, pin/review the MCP tool version, and turn off remote debugging when finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to read or use logged-in sessions and private tabs, not just public webpages.
This explicitly grants access to the user’s authenticated browser state, which can include active accounts and private pages, without a visible per-site or per-profile boundary.
the agent can now see the user’s tabs, cookies, logins, and page state through Chrome DevTools MCP
Use a separate Chrome profile with only the accounts needed for the task, close private tabs, and disable remote debugging after use.
A browsing task could accidentally interact with authenticated sites or submit information if the agent uses these controls too broadly.
Clicking and filling forms in a live logged-in browser can change account state or submit data, and the provided instructions do not show a clear require-confirmation rule for sensitive actions.
Navigate, click, fill, or switch tabs as needed.
Require explicit user confirmation before form submissions, purchases, posts, deletes, account changes, or other non-read-only actions.
Private page contents, account context, or session-derived information could enter the agent’s context through the browser bridge.
Sensitive browser state is routed through an MCP bridge, but the visible artifacts do not define data boundaries such as which tabs are accessible, what is logged, or how credentials/page state are isolated.
through Chrome DevTools MCP
Limit use to a dedicated browser profile and document clear tab, logging, retention, and credential-handling boundaries.
A future package version could behave differently from the version the skill author tested.
The external MCP package is unpinned and central to the skill, so the runtime behavior may change as the latest package changes.
Use `chrome-devtools-mcp@latest` through `mcporter`
Prefer a pinned, reviewed version of chrome-devtools-mcp and verify the mcporter/MCP configuration before granting browser access.
Search queries may be sent to multiple platforms, potentially under the user’s logged-in browser session.
The skill expands ambiguous search requests into a default Google, X, and Reddit workflow. This is disclosed and research-oriented, but users should know it broadens the task unless they restrict it.
If the user only says “search this”, still run the chain unless they explicitly restrict scope.
Specify allowed sites or platforms when you want a narrower search.