jb-chrome-mcp

SUSPICIOUS: the skill’s purpose and capabilities mostly align, and the main browser-MCP target is an official ChromeDevTools project, but the footprint is still moderately risky. It combines third-party CLI installation, unpinned npx fallback, persisted home-level config, and powerful control over arbitrary existing Chrome tabs, which can expose sensitive browser session data or trigger real actions if the agent is not tightly supervised.