Back to skill

Security audit

Chrome Devtools Mcp 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it gives an agent broad control over Chrome and runs a changing external MCP package with limited upfront safety scoping.

Install only if you intentionally want an agent to control Chrome. Use a separate or isolated browser profile, avoid sensitive accounts unless necessary, confirm any form submissions, uploads, or page-script execution, disable telemetry and CrUX where appropriate, and prefer a pinned vetted package version instead of @latest.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, capture=True, timeout=30):
    try:
        r = subprocess.run(cmd, shell=True, capture_output=capture, text=True, timeout=timeout)
        return r.returncode, r.stdout.strip() if capture else "", r.stderr.strip() if capture else ""
    except subprocess.TimeoutExpired:
        return 1, "", "timeout"
Confidence
92% confidence
Finding
r = subprocess.run(cmd, shell=True, capture_output=capture, text=True, timeout=timeout)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill grants broad browser automation capabilities, including navigation, form submission, file upload, and page-script execution via `evaluate_script`, yet the description does not prominently warn users that these actions can affect external services and expose sensitive local or session data. In an agent setting, insufficient warning increases the chance of unsafe use against real accounts, live websites, or sensitive browsing contexts.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.