Trusted — Risk Score 5/100
Last scan: 2 days ago
chrome-cdp
Interacts with a local Chrome-family browser session over CDP when the user explicitly asks to inspect, debug, or interact with a page they already have open.
Chrome CDP skill is a legitimate local browser automation tool using Chrome's DevTools Protocol over WebSocket. No malicious behavior, network exfiltration, credential harvesting, or obfuscation detected.
Skill Name: chrome-cdp
Duration: 29.5s
Engine: pi
Safe to install
This skill is safe for use. Ensure users understand it controls the local browser session when remote debugging is enabled.

Findings 4 items

Severity Finding Location
Info
Pre-scan false positive: base64 decoding
The flagged Buffer.from(data, 'base64') at line 314 is standard CDP screenshot protocol — Page.captureScreenshot returns base64-encoded PNG data which must be decoded before writing. This is not obfuscation.
writeFileSync(out, Buffer.from(data, 'base64'));
→ No action needed. This is legitimate API usage.
scripts/cdp.mjs:314
Low
Runtime directory permissions set to 0o700
Script sets umask(0o077) on non-Windows and creates RUNTIME_DIR with mode 0o700, protecting socket files and page cache from other users.
if (!IS_WINDOWS) process.umask(0o077);
→ Positive security measure.
scripts/cdp.mjs:20
Low
URL validation prevents non-http(s) navigation
The nav command validates URLs, rejecting anything except http: and https: protocols, preventing javascript: or file: URL attacks.
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')
→ Positive security measure.
scripts/cdp.mjs:305
Low
Only localhost connections
CDP WebSocket target defaults to 127.0.0.1. CDP_HOST can be set but is scoped to the local debugging port.
const host = process.env.CDP_HOST || '127.0.0.1';
→ Network access is properly scoped to local debugging interface.
scripts/cdp.mjs:60
Resource | Declared | Inferred | Status | Evidence
Browser | WRITE | WRITE | ✓ Aligned | CDP commands: eval, click, type, nav, open — all browser control operations
Filesystem | READ | READ | ✓ Aligned | Reads DevToolsActivePort files, pages.json cache; writes screenshots
Network | NONE | READ | ✓ Aligned | WebSocket connects to 127.0.0.1 only (localhost Chrome debugging port); no exter…
Shell | NONE | NONE | | Uses child_process.spawn internally for daemon management; no arbitrary shell co…
1 Critical finding
Critical Encoded Execution Base64-encoded execution (code obfuscation)
Buffer.from(data, 'base64'
scripts/cdp.mjs:314

File Tree

3 files · 35.4 KB · 992 lines
JavaScript: 1 file · 870 lines; Markdown: 1 file · 116 lines; JSON: 1 file · 6 lines
├─ 📁 scripts
│ └─ 📜 cdp.mjs JavaScript 870L · 30.6 KB
├─ 📋 package.json JSON 6L · 144 B
└─ 📝 SKILL.md Markdown 116L · 4.7 KB

Security Positives

✓ No external network connections — only localhost WebSocket to Chrome debugging port
✓ No credential harvesting — does not read .env, .aws, .ssh, or environment variables for secrets
✓ No data exfiltration — no HTTP POST, fetch, or send of browser/page data to remote servers
✓ No remote script execution — no curl|bash, wget|sh, or eval(atob()) patterns
✓ No obfuscation or hidden functionality — all code paths are documented and traceable
✓ URL navigation is restricted to http/https only
✓ Runtime directory and socket files protected with 0o700 permissions
✓ Daemon auto-exits after 20 minutes of inactivity
✓ No pip/npm install requirements — reduces supply chain risk