Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Chrome Devtools Mcp 1.0.0
v1.0.0 · Chrome DevTools MCP — Google's official browser automation and testing server. Control Chrome via Puppeteer through MCP protocol: click, fill forms, navigate...
by @sieyer
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
The skill name, description, SKILL.md, and included setup script all center on running the chrome-devtools-mcp npm package and controlling Chrome. Required system dependencies (Node.js, npx, Chrome/Chromium) are exactly what this capability needs. Note: _meta.json ownerId differs from the registry metadata ownerId provided in the header; this is a metadata inconsistency but does not change functional behavior.
Instruction Scope
SKILL.md and the setup/test script only instruct the agent to install/run the chrome-devtools-mcp package, check for Node/npx/Chrome, read openclaw.json (~/.openclaw/openclaw.json) for configuration, and start/stop the MCP server. These actions are within the expected scope. The script uses subprocess.run(..., shell=True) for some checks (constant commands only), which is acceptable here but worth reviewing since shell=True can be dangerous if later modified to include untrusted input.
Install Mechanism
This is an instruction-only skill (no install spec). The instructions rely on npx -y chrome-devtools-mcp@latest which fetches the package from the npm registry at runtime and uses the 'latest' tag (not pinned to a specific proven version). Fetching a remote npm package on demand is expected for this kind of skill but carries a supply-chain risk if the published package were compromised or if the maintainer changes the package unexpectedly.
Credentials
The skill does not request environment variables, secrets, or extra credentials beyond needed local config checks. The script reads a local openclaw.json config path to detect MCP config, which is consistent with the advertised integration.
Persistence & Privilege
`always` is false and model invocation is allowed (platform default). The skill does not request persistent system-wide privileges, does not modify other skills, and only suggests adding a server entry to the user's openclaw.json (user-controlled).
Assessment
This skill appears to do what it says: it runs the chrome-devtools-mcp npm package to control Chrome. Before installing or enabling it:
1) Verify the npm package identity and maintainer (confirm it's the official ChromeDevTools package on npm/GitHub) rather than blindly running `npx ...@latest`. Prefer pinning to a known-good version if possible.
2) Be aware that npx will download and execute remote code each time (supply-chain risk).
3) Running the MCP server will control a browser instance — avoid using it with sessions that contain sensitive data or credentials, and use the provided flags to disable telemetry/performance CrUX.
4) The included Python script uses shell=True for some subprocess calls (currently with constant strings) — review it if you plan to modify or reuse it.
5) Note the minor metadata mismatch (ownerId) in the package files; this is not a functional blocker but warrants extra caution verifying the package provenance.
latest: vk9776p8cy7w55e9xy0p1xgvbf5824h73
Runtime requirements
🌐 Clawdis
