chrome-devtools

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware
MalwareHIGH
SKILL.md

SUSPICIOUS. The skill’s browser automation capabilities broadly fit its stated purpose, and the main package is an official Chrome DevTools project rather than an unknown payload. However, it relies on mutable @latest execution, a separate third-party mcptools CLI, and gives an agent broad access to arbitrary web content plus interactive browser actions and full page data capture. This is coherent but high-impact, so it is better classified as suspicious/high-risk tooling rather than malicious.

Confidence: 87%Severity: 68%
Audit Metadata
Analyzed At
Mar 18, 2026, 05:40 PM
Package URL
pkg:socket/skills-sh/cygnusfear%2Fagent-skills%2Fchrome-devtools%2F@0adf25f4df191f510a872adce8ada2a67ac89603
Security Audit — socket — chrome-devtools