Chrome Devtools
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could interact with websites while authenticated in the persistent browser profile, so it may act on any account that profile is signed into and may read page contents and network traffic that those sessions unlock.
A persistent browser profile can carry cookies, sessions, and account state. The artifacts do not clearly bound which profile is used, which sites/accounts may be automated, or when user approval is required.
Browser starts automatically on first tool call using a persistent Chrome profile.
Use a dedicated low-privilege Chrome profile for this skill, avoid logging into sensitive accounts unless needed, and require explicit user approval before form submission, purchases, account changes, or other impactful actions.
A future package update or supply-chain issue could change what code runs on the user's machine when the MCP server starts.
The skill runs an npm package via npx with the @latest tag and automatic yes mode. Each server start resolves @latest against the registry and installs whatever it returns without prompting, so the code that executes can change between runs and is never tied to a reviewed version.
"command": "npx", "args": ["-y", "chrome-devtools-mcp@latest", ...]
Pin the MCP package to a specific reviewed version, document the package source/provenance, and avoid automatic latest-version execution where possible.
Browsing untrusted pages through this skill could be riskier than normal Chrome browsing because an important isolation layer is disabled.
The skill launches Chrome with sandbox protections disabled by default, so a renderer exploit delivered by a malicious or compromised page runs with the privileges of the process that started Chrome instead of being contained by the sandbox.
"--chrome-arg=--no-sandbox", "--chrome-arg=--disable-setuid-sandbox"
Avoid disabling the Chrome sandbox by default. If no-sandbox mode is required for a specific container environment, document that tradeoff clearly and make it opt-in.
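The three findings above are all visible in the server's command line, so they can be checked and corrected mechanically. The script below is an added example, not part of the advisory or of the chrome-devtools-mcp project: it audits an MCP server entry for an unpinned npx package, disabled Chrome sandbox flags and the absence of a dedicated profile directory, then produces a hardened copy. It assumes the "command"/"args" layout quoted in the finding, that the server forwards every --chrome-arg value to Chrome unchanged, and that the entry name, the version passed to harden_server and the profile path are placeholders to be replaced with the release you actually reviewed and a directory you control.

```python
"""Audit an MCP server entry for the advisory's findings and emit a hardened copy.

Added example; not code from the advisory or from chrome-devtools-mcp. Assumes the
MCP "command"/"args" layout and that --chrome-arg=<flag> reaches Chrome unchanged.
"""
import copy
import json
import re

# Constructed sample assembled from the argument strings quoted in the advisory;
# the server name "chrome-devtools" is assumed.
WEAK_CONFIG = json.loads("""
{
  "mcpServers": {
    "chrome-devtools": {
      "command": "npx",
      "args": [
        "-y",
        "chrome-devtools-mcp@latest",
        "--chrome-arg=--no-sandbox",
        "--chrome-arg=--disable-setuid-sandbox"
      ]
    }
  }
}
""")

EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")   # only x.y.z counts as pinned; no tags, no ranges
SANDBOX_FLAGS = {"--no-sandbox", "--disable-setuid-sandbox"}
CHROME_ARG = "--chrome-arg="


def split_spec(spec):
    """Split an npm spec into (name, version_or_tag); scoped names keep their leading '@'."""
    head, sep, tail = spec.rpartition("@")
    if not sep or not head:          # no version part, or the '@' is only the scope prefix
        return spec, ""
    return head, tail


def package_spec(args):
    """The first positional argument after npx's own options is the package to run."""
    return next((a for a in args if not a.startswith("-")), "")


def chrome_flags(args):
    """Chrome switch names passed through --chrome-arg (value after '=' dropped)."""
    return {a[len(CHROME_ARG):].split("=", 1)[0] for a in args if a.startswith(CHROME_ARG)}


def audit_server(entry):
    """Return the finding ids that apply to one mcpServers entry (empty list if clean)."""
    findings = []
    args = entry.get("args", [])
    if entry.get("command") in ("npx", "npx.cmd"):
        _, version = split_spec(package_spec(args))
        # With -y npx installs whatever the spec resolves to without asking, so an
        # exact version is the only thing that keeps unreviewed code from running.
        if not EXACT_VERSION.match(version):
            findings.append("unpinned-package")
    flags = chrome_flags(args)
    if flags & SANDBOX_FLAGS:
        findings.append("chrome-sandbox-disabled")
    if "--user-data-dir" not in flags:       # no dedicated profile: the server's persistent default is used
        findings.append("default-persistent-profile")
    return findings


def harden_server(entry, version, profile_dir):
    """Return a copy with the package pinned, sandbox flags removed and a dedicated Chrome profile."""
    new = copy.deepcopy(entry)
    old_args = new.get("args", [])
    spec = package_spec(old_args)
    args = []
    for a in old_args:
        if a.startswith(CHROME_ARG) and a[len(CHROME_ARG):].split("=", 1)[0] in SANDBOX_FLAGS:
            continue                                    # keep Chrome's sandbox enabled
        if a == spec:
            a = f"{split_spec(a)[0]}@{version}"         # exact, reviewed version
        args.append(a)
    if "--user-data-dir" not in chrome_flags(args):
        args.append(f"{CHROME_ARG}--user-data-dir={profile_dir}")   # standard Chrome switch
    new["args"] = args
    return new


def audit_config(config):
    """Map every server name in an MCP config to its findings."""
    return {name: audit_server(e) for name, e in config.get("mcpServers", {}).items()}


if __name__ == "__main__":
    print(json.dumps(audit_config(WEAK_CONFIG), indent=2))
    # "1.2.3" and the profile path are placeholders, not a real release of the package.
    fixed = harden_server(WEAK_CONFIG["mcpServers"]["chrome-devtools"], "1.2.3", "/home/user/devtools-mcp-profile")
    print(json.dumps(fixed, indent=2))
```

The hardened entry deliberately keeps -y: an MCP host launches the server with stdin carrying the protocol rather than a terminal, so an install prompt cannot be answered, and the exact version spec is the control that matters. An exact pin still fetches from the registry on a cold cache, so for a stronger guarantee install the reviewed version locally from a lockfile and point "command" at that install instead of npx. The profile directory should be created empty and never used for interactive browsing, and the human-approval requirement for form submissions and purchases is a policy on the agent, not something this config can enforce.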
