Chrome DevTools MCP Skill

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Chrome DevTools helper, but it should be reviewed because its default setup can let an agent inspect and act through a live logged-in Chrome session.

Install only if you are comfortable giving an agent access to a Chrome debugging session. Prefer isolated/headless mode or a dedicated browser profile for sensitive work, avoid autoConnect around private accounts, require explicit confirmation before page-changing actions, consider pinning the MCP package version, and remove the uxc links when no longer needed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Low

Confidence: 89% confidence
Finding: This is a markdown file, so SQP-2 applies to user-facing descriptions of behaviors affecting privacy. The guide encourages `list_network_requests` and `list_console_messages` but does not disclose that these may reveal tokens, URLs, headers, or other sensitive debugging data from the current browser context.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The markdown explicitly notes 'Confirm High-Impact Actions First,' but it does not explain the concrete risks of the listed actions. Clicking elements, filling forms, and executing JavaScript in a live browser can submit data, change account state, or perform unintended actions affecting user data or system integrity.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal