chrome-devtools
Warn
Audited by Socket on Mar 18, 2026
1 alert found:
Anomaly (LOW): scripts/evaluate.js
This script intentionally executes user-provided JavaScript inside a browser page context (via page.evaluate + eval) and navigates to user-provided URLs without validation. The code itself does not contain obvious malware, obfuscation, or hardcoded secrets, but it provides a powerful primitive that can be abused to read sensitive page data or perform exfiltration when given untrusted input. Treat use of this tool as high-risk if scripts or URLs can be influenced by untrusted parties; otherwise it is expected functionality for a browser automation CLI.
Confidence: 90%
Severity: 60%