Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
m5stack-chrome-browser-control
v1.0.0 · M5Stack | Controls the user's local Chrome browser through the MCP chrome-devtools protocol to automatically open web pages, operate any Outlook mailbox, search for content, and perform similar tasks. Prerequisites: the user has enabled remote debugging in Chrome (127.0.0.1:9222), and OpenClaw MCP has been configured with chrome-devt...
⭐ 0 · 55 · 0 current · 0 all-time
by Xuanwu Yun (@yuyun2000)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
Name/description align with the runtime instructions: the SKILL.md explicitly describes using the Chrome DevTools Protocol (via an MCP adapter) to open pages, inspect and click elements, and read page content (Outlook, X, etc.). The required actions (enable remote debugging and configure MCP) are coherent with that purpose.
Instruction Scope
Instructions stay within the declared purpose (browse, snapshot, click, fill). They do require editing ~/.openclaw/openclaw.json and restarting the gateway, and they rely on reading sensitive content from logged-in browser pages (Outlook/X). Reading private user data is expected for the stated tasks but is intrinsically sensitive — the skill does not ask for unrelated system files or other credentials.
Install Mechanism
Although the skill itself has no install spec, it instructs the user to add an MCP server entry that runs `npx chrome-devtools-mcp@latest --autoConnect`. That causes an npm package to be downloaded & executed on the user's machine (using the `latest` tag with no integrity/pinning). Fetching and auto-running code from the public registry without pinning or provenance checks is a high-risk action and should be treated cautiously.
Credentials
The skill requests no environment variables, which is appropriate, but it requires enabling Chrome remote debugging on 127.0.0.1:9222 and auto-connecting an MCP adapter. Exposing the DevTools debugging port grants full programmatic control of the browser (including access to cookies, sessions, and page contents). That capability is necessary for the stated tasks but is highly sensitive and can be abused if the MCP adapter or other local processes are untrusted.
Persistence & Privilege
The instructions ask the user to persistently modify OpenClaw's config so the MCP adapter autoConnects. This makes a long-lived pathway to control the local browser (and can be invoked autonomously by the agent). Although the skill does not set always:true, adding an auto-connecting MCP entry is a persistent privilege that increases the blast radius if the adapter or skill is compromised.
What to consider before installing
This skill does what it says (control your local Chrome via the DevTools protocol) but it asks you to: 1) enable Chrome's remote debugging (127.0.0.1:9222) — doing so lets any local process control your browser and read logged-in pages (emails, social sites, etc.), and 2) add a config entry that runs `npx chrome-devtools-mcp@latest --autoConnect`, which will download and execute code from npm without a pinned version.

Before installing: back up ~/.openclaw/openclaw.json; verify the identity and source of the `chrome-devtools-mcp` package (prefer a specific, audited version instead of @latest); consider using a separate browser profile or a throwaway profile for automation; only enable remote debugging when needed and disable it afterward; and be cautious about letting a persistent MCP auto-connect (it can be invoked autonomously). The skill's source/homepage is unknown — if you proceed, request or inspect the package source and prefer an explicit, pinned install rather than relying on `npx ...@latest`. If you are uncomfortable with these risks, do not add the MCP entry, or avoid using this skill altogether.
latest: vk973j841v2hqhvpmz90thj4pxh840d3f
