Scan Report
5 /100
chrome-cdp
让AI访问已打开的Chrome标签页
Legitimate Chrome Remote Debugging Protocol tool with all capabilities properly declared in documentation.
Safe to install
Skill is safe for use. No malicious indicators found.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | index.js:4 reads path module, reads SKILL.md |
| Shell | WRITE | WRITE | ✓ Aligned | index.js:16 uses execSync('node scripts/cdp.mjs ...') |
| Browser | READ|WRITE | READ|WRITE | ✓ Aligned | CDP operations: listTabs, snap, html (read); click, type, navigate (write) |
| Network | NONE | NONE | — | No external network calls - only local Chrome CDP via localhost |
1 findings
Medium External URL 外部 URL
https://mail.google.com/... SKILL.md:76 File Tree
4 files · 9.1 KB · 388 lines Markdown 2f · 184L
JavaScript 1f · 176L
JSON 1f · 28L
├─
_meta.json
JSON
├─
index.js
JavaScript
├─
README.md
Markdown
└─
SKILL.md
Markdown
Security Positives
✓ All shell execution declared in SKILL.md usage examples
✓ JavaScript evaluation capability explicitly documented
✓ No credential harvesting or sensitive path access
✓ No base64 encoding, obfuscation, or anti-analysis patterns
✓ No external C2 or data exfiltration channels
✓ Simple, readable codebase with clear purpose
✓ Uses official Chrome Remote Debugging Protocol