Chrome Devtools Mcp 1.0.0
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a clearly described Chrome browser automation skill, but users should be aware it grants powerful browser control and runs an unpinned external MCP package.
This skill appears purpose-aligned and not malicious from the provided artifacts. Install it only if you are comfortable giving an agent browser-automation powers. For sensitive work, pin the npm package version, disable telemetry and CrUX calls, and use a separate test browser profile rather than your normal logged-in Chrome session.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could click buttons, fill and submit forms, inspect page/network data, or upload files in a browser session.
The skill intentionally exposes broad browser automation. This is central to its purpose, but it can affect real websites and accounts if used in sensitive sessions.
gives AI agents full control of a live Chrome browser via Puppeteer ... click, fill forms, navigate, screenshot, performance traces, network inspection
Use it for testing or controlled browsing. Avoid using it on sensitive logged-in sessions unless you explicitly want the agent to act there.
JavaScript run in a page can read or change that page’s state and interact with the current browser context.
The MCP tool can execute JavaScript inside the browser page. This is expected for DevTools-style debugging, but it is a code-execution capability.
`evaluate_script` | Run JavaScript in page
Only run page scripts on sites and sessions where that behavior is intended.
Future npm package changes could alter the behavior of the MCP server without this skill package changing.
The setup path downloads/runs the latest npm package rather than a pinned version. This is disclosed and purpose-aligned, but the exact code executed may change over time.
run("npx -y chrome-devtools-mcp@latest --help", timeout=60)
Prefer pinning a known package version for repeatable environments, and review the upstream package source when using it in sensitive workflows.
The agent could act with whatever browser session, cookies, or account state is present in that Chrome instance.
Connecting to an existing Chrome instance may give the agent access to active tabs and logged-in sessions if the user starts Chrome that way.
Connect to existing Chrome (must be started with --remote-debugging-port=9222)
Use headless mode or a separate test Chrome profile instead of connecting to your personal logged-in browser.
Some usage or performance-related information may be sent to Google unless disabled.
The artifacts disclose external data flows to Google services and provide flags to disable them.
Google collects usage statistics by default — disable with `--no-usage-statistics`; Performance tools may send trace URLs to Google CrUX API — disable with `--no-performance-crux`
Use `--no-usage-statistics --no-performance-crux` for private or sensitive testing.
