chrome-mcp-remote
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a shell script (
scripts/start-chrome-mcp.sh) that launches the local Google Chrome application using specified flags (--remote-debugging-port,--user-data-dir) to enable remote automation. This behavior is transparent and aligned with the skill's stated purpose. - [EXTERNAL_DOWNLOADS]: The script uses
curlto perform local health checks against127.0.0.1to ensure the debugging port is active before exiting. No external network requests to non-whitelisted domains were detected. - [DATA_EXPOSURE]: The skill utilizes a temporary directory (
/tmp/chrome-devtools-mcp-profile) for the browser's user data profile. This is a common practice for isolated browser sessions and does not involve exfiltrating sensitive data.
Audit Metadata