Low risk — risk score 22/100
Last scanned: 1 day ago
chromedev
Use local Chrome MCP for live browsing and web page extraction via local DevTools middleware
The chromedev skill is a legitimate browser automation tool that uses a local MCP endpoint for web scraping, with shell execution declared in documentation but capability mapping incomplete.
Skill name: chromedev
Analysis time: 42.2s
Engine: pi
OK to install
Pin npm package versions to mitigate supply chain risk and explicitly declare shell:WRITE and filesystem:WRITE in SKILL.md capability declarations.

Security findings: 2

Severity: Medium
Finding: Unpinned npm dependencies (category: Supply chain)
@mallocfeng/chromedev and @modelcontextprotocol/sdk are installed without version specifiers, allowing the registry to serve updated versions at install time.
npm install -g @mallocfeng/chromedev
→ Pin to specific versions: npm install -g @mallocfeng/chromedev@<version> and npm install @modelcontextprotocol/sdk@<version>
Location: SKILL.md:74

Severity: Low
Finding: Shell and filesystem WRITE not declared in capability header (category: Documentation deception)
SKILL.md frontmatter only declares network/browser usage, but inline documentation shows bash/node commands for npm installs which map to shell:WRITE and filesystem:WRITE.
---name: chromedev (no shell or filesystem in declared capabilities)
→ Add shell:WRITE and filesystem:WRITE to allowed-tools mapping documentation if this skill is analyzed by automated tooling
Location: SKILL.md:1
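| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | WRITE | ✗ Exceeds declared | SKILL.md lines 72-76: npm install commands for global and workspace packages |
| Command execution | NONE | WRITE | ✗ Exceeds declared | SKILL.md lines 67-76: bash commands (curl, command -v, node, npm install) |
| Network access | READ | READ | ✓ Consistent | SKILL.md: http://127.0.0.1:8787/mcp, local-only access only |
| Browser | FULL | FULL | ✓ Consistent | SKILL.md describes full Chrome DevTools MCP capabilities |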
3 findings

Medium: External URL
https://clawhub.ai
.clawhub/origin.json:3

Medium: External URL
http://127.0.0.1:8787/mcp
SKILL.md:3

Medium: External URL
https://www.163.com/\
scripts/http_mcp_call.mjs:78

Directory structure

5 files · 13.1 KB · 291 lines
Markdown 1f · 180L JavaScript 1f · 84L YAML 1f · 15L JSON 2f · 12L
├─ 📁 .clawhub
│ └─ 📋 origin.json JSON 7L · 141 B
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 15L · 501 B
├─ 📁 scripts
│ └─ 📜 http_mcp_call.mjs JavaScript 84L · 2.6 KB
├─ 📋 _meta.json JSON 5L · 128 B
└─ 📝 SKILL.md Markdown 180L · 9.8 KB

Dependency analysis: 2 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| @mallocfeng/chromedev | latest | npm | | Version not pinned - could be updated to malicious version without user knowledge |
| @modelcontextprotocol/sdk | latest | npm | | Version not pinned - official MCP SDK, lower risk but still a supply chain concern |

Security highlights

✓ Local-only network access restricted to 127.0.0.1:8787 prevents external data exfiltration
✓ No credential harvesting - does not access ~/.ssh, ~/.aws, .env, or environment variables for secrets
✓ No obfuscation - code is plain JavaScript, no base64 or eval patterns
✓ No hidden C2 infrastructure - no hardcoded IPs or domains outside the local MCP endpoint
✓ Explicit progress/output rules documented to prevent accidental data leakage via chat channels
✓ No persistence mechanisms - no cron, startup scripts, or backdoor installations