chrome-devtools-skill

The skill aligns with its stated purpose of automated CDP-driven web data extraction and analysis. It enables comprehensive actions (navigation, data extraction via evaluate_script, network monitoring, screenshots) but introduces notable security considerations: persistent user-data-dir usage, reliance on external MCP tooling via npm, and potential exposure of sensitive page data across runs. Treat as suspicious-neutral and implement mitigations: use ephemeral Chrome profiles per task, pin MCP versions, audit MCP provenance, and enforce explicit user consent for data exfiltration or persistence. Ensure proper access control and secure handling of any returned data.