firefox-debug

This mcporter skill is a legitimate development/debugging integration exposing powerful DevTools features. I find no indicators of intentional malicious code (no obfuscation, no C2, no embedded credentials). However, the functionality includes high-privilege operations (arbitrary JS execution and storage access) that can reveal sensitive data and enable exfiltration if used by an untrusted Agent or on a network-exposed host. Treat this tool as safe only within trusted developer environments and apply operational mitigations: bind RDP to localhost, require explicit approval for storage/script execution, avoid production profiles, and secure any files written to disk.