threejs-devtools-mcp
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx threejs-devtools-mcp` to download and run the server component from the npm registry.
- [COMMAND_EXECUTION]: The tool manages a connection to a local browser instance using the Chrome DevTools Protocol on port 9222 to facilitate scene debugging.
- [REMOTE_CODE_EXECUTION]: The skill provides tools for updating shaders and generating React components, which involves the generation and application of code within the developer's local environment.
- [PROMPT_INJECTION]: The skill ingests scene data, including object names and material properties, which serves as a potential surface for indirect prompt injection; however, no exploitation patterns were found, and the capability is scoped to the developer's local scene.
Audit Metadata