Chrome Devtools
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Chrome debugging purpose, but it should be reviewed because it runs an unpinned npm MCP server, disables Chrome sandboxing, and uses a persistent browser profile that may carry logged-in sessions.
Install only if you are comfortable running an MCP browser automation server from npm. Prefer a dedicated Chrome profile, do not use it with sensitive logged-in accounts unless necessary, review actions before the agent submits forms or changes account data, and consider pinning the package version and removing the no-sandbox flags.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could interact with websites while authenticated in the persistent browser profile, which may affect accounts or expose session-backed page and network data.
A persistent browser profile can carry cookies, sessions, and account state. The artifacts do not clearly bound which profile is used, which sites/accounts may be automated, or when user approval is required.
Browser starts automatically on first tool call using a persistent Chrome profile.
Use a dedicated low-privilege Chrome profile for this skill, avoid logging into sensitive accounts unless needed, and require explicit user approval before form submission, purchases, account changes, or other impactful actions.
A future package update or supply-chain issue could change what code runs on the user's machine when the MCP server starts.
The skill runs an npm package via npx using @latest and automatic yes mode. That means the code executed can change over time and is not pinned to a reviewed version.
"command": "npx", "args": ["-y", "chrome-devtools-mcp@latest", ...]
Pin the MCP package to a specific reviewed version, document the package source/provenance, and avoid automatic latest-version execution where possible.
Browsing untrusted pages through this skill could be riskier than normal Chrome browsing because an important isolation layer is disabled.
The skill launches Chrome with sandbox protections disabled by default, increasing the impact if a malicious or compromised page exploits the browser.
"--chrome-arg=--no-sandbox", "--chrome-arg=--disable-setuid-sandbox"
Avoid disabling the Chrome sandbox by default. If no-sandbox mode is required for a specific container environment, document that tradeoff clearly and make it opt-in.
