Chrome MCP Tools
Security checks across malware telemetry and agentic risk
Overview
The skill is a plausible browser-control helper, but it asks the agent to install and run external tooling that can use a live logged-in Chrome session.
Review before installing. Use this only if you trust the external @mallocfeng/chromedev npm package and are comfortable letting a local daemon control a Chrome session that may already be logged into private accounts. Prefer read-only tasks, avoid sensitive sites unless necessary, approve any Chrome debugging prompt deliberately, and stop the daemon after use.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.