cc_chrome_devtools_mcp_skill
Audited by Socket on Feb 18, 2026
1 alert found:
Obfuscated File
No direct signs of intentionally malicious code or obfuscation were found in the provided documentation. However, by design the skill exposes highly sensitive browser state and offers multiple configurable outbound channels (WebSocket endpoints, proxies, logs, HAR exports) and powerful primitives (evaluate_script, upload_file) that can be used to exfiltrate data if misconfigured or if an MCP client or endpoint is untrusted. The primary risk is operational (misconfiguration, credential forwarding, insufficient isolation) rather than hidden malware. Recommendations: use --isolated=true in sensitive workflows, avoid setting --wsEndpoint/--wsHeaders to untrusted endpoints, restrict proxy usage, audit log/HAR outputs, and limit evaluate_script usage to trusted scripts/clients.