claude-chrome

Fail

Audited by Socket on Feb 15, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The artifact is documentation for a high-privilege browser automation skill that legitimately requires access to authenticated browser state and DevTools-level operations. The documentation contains no direct indicators of malicious code or intentionally harmful behavior. However, the capability set (arbitrary JS execution, reading cookies/storage, network inspection, file upload, and unattended scheduled runs) constitutes a significant security surface: if the extension, MCP tool, agent backend, or any upstream package (e.g., an npx-fetched MCP) is compromised, an attacker could harvest credentials, exfiltrate sensitive data, or perform unauthorized actions in user sessions.

Recommendations:
(1) Audit the Chrome extension and chrome-devtools-mcp package source before use and prefer pinned, signed releases;
(2) enforce least-privilege site permissions and default-deny behavior;
(3) require explicit interactive confirmations for high-risk actions and scheduled tasks affecting sensitive sites;
(4) restrict or audit evaluate_script usage and provide an audit trail for all automated actions;
(5) avoid runtime npx@latest installs in production workflows without supply-chain controls.

Confidence: 98%

Audit Metadata
Analyzed At: Feb 15, 2026, 08:28 PM
Package URL: pkg:socket/skills-sh/dicklesworthstone%2Fagent_flywheel_clawdbot_skills_and_integrations%2Fclaude-chrome%2F@bad9a6d695cc2690f973941909660607feb463ea