Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Chrome Devtools

v0.1.1

Uses Chrome DevTools via MCP for efficient debugging, troubleshooting and browser automation. Use when debugging web pages, automating browser interactions,...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name and description align with the actual runtime command (npx chrome-devtools-mcp@latest). The skill is designed to control Chrome DevTools via MCP and the instructions describe the expected tool calls and workflow.
Instruction Scope
SKILL.md stays within the claimed scope (navigation, snapshot, snapshot-based element interaction, screenshots, evaluate_script). However it references using a persistent Chrome profile and writing large outputs to file paths (filePath), which implies access to local profile data and disk storage; those data-access implications are not declared in requires.env or required config paths.
Install Mechanism
There is no static install spec, but skill.json causes runtime execution of `npx chrome-devtools-mcp@latest`. Fetching an unpinned `@latest` package via npx at runtime is a supply-chain risk (package content can change between runs). This dynamic retrieval is higher risk than a pinned release or vendored dependency.
Credentials
The skill declares no environment variables or config paths, but SKILL.md's use of a persistent Chrome profile implicitly requires access to a Chrome profile directory (browsing history, cookies, saved credentials). That implicit access is not documented as required configuration or limited, which is a privacy/credential exposure concern.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed (normal). However, autonomous runs will dynamically download and execute an unpinned npm package and launch Chrome with `--no-sandbox`/`--disable-setuid-sandbox`, which increases the blast radius if the fetched package or page contents are malicious. The lack of explicit sandboxing or pinned artifacts elevates risk.
What to consider before installing
This skill appears to do what it says (control Chrome DevTools), but consider these risks before installing:

- Supply-chain: skill.json uses `npx ...@latest`, which fetches the latest package each run. Prefer a pinned version or preinstall/verify the package to avoid unexpected code changes.
- Sandbox: it launches Chrome with `--no-sandbox` and `--disable-setuid-sandbox`. Running Chrome without sandboxing increases risk; run the skill only in isolated, ephemeral containers or VMs.
- Privacy: the SKILL.md mentions a persistent Chrome profile. That profile can contain history, cookies, and credentials. Ensure the MCP configuration uses an isolated profile dedicated to the agent, or explicitly document the profile path and access controls.
- Disk and network egress: the skill suggests writing large outputs to filePath; control where files are written and monitor network egress for the MCP process.
- What to ask the maintainer: request a pinned package version, a reproducible install method (not implicit npx@latest), explicit documentation of what profile/path the MCP server uses, and justification for the `--no-sandbox` flags. If you can't get those, run the skill in a tightly sandboxed environment or avoid installing it.

Like a lobster shell, security has layers — review code before you run it.
