Security scan
OpenClaw
Suspicious
Medium confidence. The skill is coherent with its stated purpose (controlling Chrome via MCP) but it runs remote npm code (npx @latest), disables Chrome sandboxing, and uses a persistent Chrome profile — all of which increase risk and deserve scrutiny before installation.
Assessment recommendations
This skill appears to do what it says (drive Chrome via MCP) but has a few red flags you should weigh before installing:
- It runs `npx chrome-devtools-mcp@latest` at runtime. That fetches and executes the latest code from npm each time — prefer pinned, reviewed package versions and inspect the package source before running.
- It launches Chrome with sandboxing disabled (`--no-sandbox`, `--disable-setuid-sandbox`), which weakens process isolation. Run this only in an isolated environment (conta...
✓ Purpose and capabilities
The SKILL.md describes using chrome-devtools-mcp to control Chrome and skill.json invokes `npx chrome-devtools-mcp@latest` with Chrome args. The requested capabilities align with the stated purpose of browser debugging/automation.
⚠ Instruction scope
Instructions reference a 'persistent Chrome profile' (which can expose cookies, history, local storage) and recommend writing large outputs to file paths. The SKILL.md does not request credentials, but operating on a persistent profile means the tool may access sensitive browser data. The runtime guidance to use filePath for large outputs implies the agent will write/read files from disk.
⚠ Installation mechanism
skill.json executes `npx -y chrome-devtools-mcp@latest`, which downloads and runs the latest package from the npm registry at runtime. Running dynamically fetched code is a moderate-to-high risk compared with a pinned, reviewed release. Additionally, the provided Chrome args include `--no-sandbox` and `--disable-setuid-sandbox`, which reduce process isolation and increase attack surface.
ℹ Credential requirements
The skill declares no required environment variables or external credentials (good). However, the use of a persistent Chrome profile effectively grants the skill access to browser-stored secrets (cookies, sessions), which is not reflected in the declared requirements and should be considered sensitive.
ℹ Persistence and permissions
The skill does not request `always: true` and is user-invocable (normal). It will execute remote code via npx and may write package artifacts and profile data to disk; autonomous invocation is allowed by default, which increases blast radius when combined with npx `@latest` and sandbox disablement.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/3/29
chrome-devtools 1.0.0 initial release
- Introduces integration with Chrome DevTools via MCP for browser debugging, troubleshooting, and automation.
- Supports persistent Chrome profiles and configurable browser lifecycle via CLI arguments.
- Enables page selection, structured element interaction using unique uids, and efficient data retrieval options.
- Documents the recommended workflow for navigation, waiting, snapshotting, and element interaction.
- Highlights parallel tool call support and troubleshooting resources for setup and UI issues.
● Suspicious
Installation command
Official: `npx clawhub@latest install xiaopi-chrome-devtools`
Mirror (faster in China): `npx clawhub@latest install xiaopi-chrome-devtools --registry https://cn.longxiaskill.com`