Chrome Devtools

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: chrome-devtools
Version: 0.1.1

The skill is classified as suspicious because of two security concerns in `skill.json`. First, it starts the MCP server with `npx chrome-devtools-mcp@latest`. This is a supply-chain risk: whatever the npm registry currently serves as `latest` is what runs, so the skill's behavior can change without any review, and a compromised release would execute on the user's machine the next time the server starts. Second, and more seriously, it launches Chrome with `--chrome-arg=--no-sandbox` and `--chrome-arg=--disable-setuid-sandbox`. `--no-sandbox` turns off Chrome's process sandbox entirely, and `--disable-setuid-sandbox` removes the Linux setuid helper that Chrome falls back to when user namespaces are unavailable. The sandbox is the layer that contains a compromised renderer: without it, a renderer exploit delivered by a malicious or compromised page runs with the full privileges of the account running Chrome rather than being confined, which can lead to arbitrary code execution on the host. This is a severe weakness in the skill's default configuration.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could interact with websites while authenticated in the persistent browser profile, which may affect accounts or expose session-backed page and network data.

Why it was flagged

A persistent browser profile can carry cookies, sessions, and account state. The artifacts do not clearly bound which profile is used, which sites/accounts may be automated, or when user approval is required.

Skill content
Browser starts automatically on first tool call using a persistent Chrome profile.
Recommendation

Use a dedicated low-privilege Chrome profile for this skill, avoid logging into sensitive accounts unless needed, and require explicit user approval before form submission, purchases, account changes, or other impactful actions.

What this means

A future package update or supply-chain issue could change what code runs on the user's machine when the MCP server starts.

Why it was flagged

The skill runs an npm package via npx with the `@latest` tag and the `-y` auto-confirm flag. The package version is therefore resolved from the registry at launch time and installed without a prompt, so the code that executes can change over time and is not pinned to a reviewed version.

Skill content
"command": "npx", "args": ["-y", "chrome-devtools-mcp@latest", ...]
Recommendation

Pin the MCP package to an exact reviewed version instead of `@latest`, document the package source and provenance (registry, maintainer, reviewed version), and avoid automatic latest-version execution where possible. Pinning prevents silent drift; it does not by itself verify the contents of the pinned release, so the review should cover that version specifically.

What this means

Browsing untrusted pages through this skill could be riskier than normal Chrome browsing because an important isolation layer is disabled.

Why it was flagged

The skill launches Chrome with sandbox protections disabled by default, increasing the impact if a malicious or compromised page exploits the browser.

Skill content
"--chrome-arg=--no-sandbox", "--chrome-arg=--disable-setuid-sandbox"
Recommendation

Avoid disabling the Chrome sandbox by default. If no-sandbox mode is genuinely required for a specific container environment (for example one that lacks the kernel features Chrome's sandbox depends on), document that tradeoff clearly, make it opt-in rather than the shipped default, and treat every page the agent visits in that mode as untrusted code running as the host user.
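The two configuration findings above (the unpinned `npx ... @latest -y` launch and the sandbox-disabling Chrome arguments) are both visible statically in `skill.json`, so they can be caught before the skill is ever installed. The following is an added example written for this review, not code from the skill, from ClawScan, or from the chrome-devtools-mcp project. It audits a `skill.json`-style document for these patterns and produces a hardened copy. The sample document is constructed from the fragment quoted in the report; the `mcpServers` wrapper key and the `name`/`version` fields are assumptions about the file layout, and the version string passed to `harden_skill` is a placeholder to be replaced with the version you actually reviewed.

```python
import json
import re

# Constructed sample modelled on the flagged skill.json fragment quoted above.
# The "mcpServers" wrapper and "name"/"version" keys are assumed layout.
SAMPLE_SKILL_JSON = r'''
{
  "name": "chrome-devtools",
  "version": "0.1.1",
  "mcpServers": {
    "chrome-devtools": {
      "command": "npx",
      "args": [
        "-y",
        "chrome-devtools-mcp@latest",
        "--chrome-arg=--no-sandbox",
        "--chrome-arg=--disable-setuid-sandbox"
      ]
    }
  }
}
'''

# Chrome switches that remove the renderer sandbox (passed through via --chrome-arg=).
SANDBOX_DISABLING = {"--no-sandbox", "--disable-setuid-sandbox"}
CHROME_ARG_PREFIX = "--chrome-arg="
# Exact semver only: "1.2.3" or "1.2.3-rc.1". Tags (latest, next) and ranges (^1.2.3) are not pins.
EXACT_VERSION = re.compile(r"\d+\.\d+\.\d+(?:[-+][\w.-]+)?")


def split_spec(spec):
    """Split an npm spec into (package, version_or_tag). Handles scoped names like @scope/pkg@1.0.0."""
    idx = spec.rfind("@")
    if idx <= 0:  # no '@', or the only '@' is the scope prefix at position 0
        return spec, None
    return spec[:idx], spec[idx + 1:]


def is_pinned(spec):
    """True only when the spec names one exact version."""
    _, ver = split_spec(spec)
    return ver is not None and EXACT_VERSION.fullmatch(ver) is not None


def package_arg(args):
    """The package spec is the first argument that is not an npx option."""
    for a in args:
        if not a.startswith("-"):
            return a
    return None


def audit_server(name, server):
    """Return (server, rule, message) tuples for one MCP server entry."""
    findings = []
    args = server.get("args", [])
    if server.get("command") in ("npx", "npx.cmd"):
        spec = package_arg(args)
        if spec is not None and not is_pinned(spec):
            auto = " with -y auto-confirm" if ("-y" in args or "--yes" in args) else ""
            findings.append((name, "unpinned-package",
                             f"{spec} is resolved from the registry at launch{auto}; not a reviewed version"))
    for a in args:
        if a.startswith(CHROME_ARG_PREFIX) and a[len(CHROME_ARG_PREFIX):] in SANDBOX_DISABLING:
            findings.append((name, "chrome-sandbox-disabled", f"{a} removes Chrome's sandbox"))
    return findings


def audit_skill(text):
    """Audit every MCP server entry in a skill.json document."""
    doc = json.loads(text)
    out = []
    for name, server in doc.get("mcpServers", {}).items():
        out.extend(audit_server(name, server))
    return out


def harden_skill(text, pinned_version, allow_no_sandbox=False):
    """Return a hardened copy: package pinned to pinned_version, sandbox flags dropped unless opted in.

    -y is kept on purpose: once the version is exact, auto-confirm only installs the reviewed release,
    and a headless MCP launch cannot answer an interactive prompt anyway.
    """
    doc = json.loads(text)
    for server in doc.get("mcpServers", {}).values():
        if server.get("command") not in ("npx", "npx.cmd"):
            continue
        original = server.get("args", [])
        spec = package_arg(original)
        new_args = []
        for a in original:
            if a.startswith(CHROME_ARG_PREFIX) and a[len(CHROME_ARG_PREFIX):] in SANDBOX_DISABLING \
                    and not allow_no_sandbox:
                continue  # opt-in only: drop the sandbox-disabling switch
            if a == spec:
                pkg, _ = split_spec(a)
                a = f"{pkg}@{pinned_version}"
            new_args.append(a)
        server["args"] = new_args
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    for server, rule, msg in audit_skill(SAMPLE_SKILL_JSON):
        print(f"[{rule}] {server}: {msg}")
    # "1.2.3" is a placeholder; substitute the exact version you reviewed.
    print(harden_skill(SAMPLE_SKILL_JSON, "1.2.3"))
```

Run against the sample, the auditor reports one `unpinned-package` finding and two `chrome-sandbox-disabled` findings, matching the two configuration findings in this report; the hardened output pins the package and drops both sandbox switches, and re-auditing it returns nothing. Passing `allow_no_sandbox=True` is the documented opt-in path: the sandbox findings remain so that the tradeoff stays visible in review output.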