Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chrome MCP Tools
v1.0.3Use this skill when you need to access or control a live Chrome browser through the local Chrome DevTools MCP middleware at http://127.0.0.1:8787/mcp, especi...
⭐ 0· 192·2 current·2 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the instructions: the skill only targets a local Chrome DevTools MCP middleware at 127.0.0.1:8787/mcp and describes opening pages, extracting rendered content, interacting with DOM, screenshots, and recovery steps. Nothing requested (no env vars, no unrelated binaries or config paths) contradicts the declared purpose.
Instruction Scope
The SKILL.md stays focused on interacting with the local MCP endpoint and controlling Chrome. It explicitly instructs opening user-supplied URLs and extracting rendered content (including pages behind logins), and mandates retry/recovery behavior. This is within scope but implies access to any data available in the user's Chrome session (cookies, authenticated pages), which is high-sensitivity and should be made explicit to users before running.
Install Mechanism
Although the skill is instruction-only (no bundled code), it tells the agent to install @mallocfeng/chromedev via `npm install -g` if the binary is absent. That is a runtime instruction to fetch and execute third-party code from npm from an unknown publisher (no homepage/source provided). Installing a global npm package can run arbitrary code on the host and is a moderate-to-high risk action unless the package publisher or source is verified.
Credentials
The skill does not request environment variables or external credentials, which is appropriate. However, its normal operation relies on the user's local Chrome session and the MCP daemon; extracting page content from authenticated sessions can leak personal data. The lack of declared required credentials is coherent, but the data-access sensitivity is high.
Persistence & Privilege
The skill does not request always: true, has no install spec that writes to disk itself (it instructs a runtime npm install), and does not attempt to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) and is not combined with extra privileges.
Assessment
This skill appears to do what it says — it talks to a local MCP daemon and uses your real Chrome session to open pages and extract rendered content. Before installing or running it: 1) Be cautious about the runtime npm install: @mallocfeng/chromedev is an external package from an unknown source — review its npm page or source repository and prefer installing it yourself in a controlled environment rather than letting the agent install it automatically. 2) Understand that the skill will read content from your live Chrome (including pages behind logins); do not use it on pages containing sensitive personal or corporate data unless you trust the tool. 3) Avoid running the npm install as root; consider running the tool in a sandbox or VM for first use. 4) If you need stronger assurance, ask the skill author for a homepage/source repo, verify the package contents, or request an install-free variant that uses a known, audited binary. If you want help checking the npm package or verifying the daemon, provide the package URL and I can guide you through a quick audit.Like a lobster shell, security has layers — review code before you run it.
MCPvk97cpp0ef59fqgeqvcp5tyy0rs834qj2chromevk97cpp0ef59fqgeqvcp5tyy0rs834qj2latestvk97c4hwg6e8maa8xgqgx7natwx84hdwk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.