chrome-devtools

SUSPICIOUS. The skill’s browser automation capabilities broadly fit its stated purpose, and the main package is an official Chrome DevTools project rather than an unknown payload. However, it relies on mutable @latest execution, a separate third-party mcptools CLI, and gives an agent broad access to arbitrary web content plus interactive browser actions and full page data capture. This is coherent but high-impact, so it is better classified as suspicious/high-risk tooling rather than malicious.