Fox Chrome Devtools Mcp

Security checks across malware telemetry and agentic risk

Overview

This skill clearly installs and documents a Chrome browser automation tool, with real browser-control risks but no evidence of hidden or malicious behavior.

Install this only if you want an agent to control Chrome for testing or automation. Prefer a dedicated test browser profile or headless session, avoid using it with sensitive logged-in accounts, disable telemetry options if desired, and consider pinning the npm package version instead of using @latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

subprocess module call

Medium
Category: Dangerous Code Execution
Content
def run(cmd, capture=True, timeout=30):
    try:
        r = subprocess.run(cmd, shell=True, capture_output=capture, text=True, timeout=timeout)
        return r.returncode, r.stdout.strip() if capture else "", r.stderr.strip() if capture else ""
    except subprocess.TimeoutExpired:
        return 1, "", "timeout"
Confidence: 97%
Finding
r = subprocess.run(cmd, shell=True, capture_output=capture, text=True, timeout=timeout)

Vague Triggers

Medium
Confidence: 84%
Finding
The skill description is broad enough to match many generic browsing, testing, debugging, and form-filling requests, which can cause over-invocation of a high-impact browser-control skill. Because the skill enables live browser manipulation, broad triggering increases the chance it is used in sensitive contexts such as authenticated sessions, internal apps, or pages containing confidential data.

Missing User Warnings

Medium
Confidence: 93%
Finding
This skill provides full browser control, page-script execution, file upload, network inspection, and access to live authenticated browser state, yet the description does not prominently warn about these high-impact capabilities. In practice, that can lead users or orchestrators to underestimate the risk of exposing secrets, interacting with sensitive sites, or executing actions on behalf of the user.

VirusTotal

64/64 vendors flagged this skill as clean.
