devtools
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses sudo apt install to install Chrome and its dependencies on Linux/WSL2 environments, which involves elevated privileges.- [COMMAND_EXECUTION]: Uses npx chrome-devtools-mcp@latest to download and run the MCP server dynamically from the NPM registry.- [COMMAND_EXECUTION]: Includes scripts that manage system processes using commands like pkill, taskkill, and fuser -k to control Chrome instances.- [COMMAND_EXECUTION]: Troubleshooting documentation suggests using the --no-sandbox flag for Chrome, which disables critical security boundaries.- [EXTERNAL_DOWNLOADS]: Fetches installation files for Google Chrome from official Google domains (dl.google.com).- [REMOTE_CODE_EXECUTION]: The use of npx with the @latest tag results in the execution of the most recent version of the package from a remote repository at runtime.
Audit Metadata