chrome-devtools

BENIGN overall, with normal supply-chain risk due to dependencies and local artifact storage. The footprint aligns with a legitimate browser automation/QA tool; ensure access control around local artifacts and limit exposure of sensitive data in logs/snapshots.

This module provides a powerful capability: executing arbitrary JavaScript inside a browser page via eval. The code itself is not obfuscated and contains no explicit hardcoded backdoors, but it presents a clear and high-risk attack surface: untrusted or attacker-supplied --script combined with navigation to sensitive pages can lead to credential or data exfiltration. Treat this tool as dangerous if used with untrusted input or against authenticated pages. Apply strong input restrictions, sandboxing, or remove eval usage to reduce risk.