Trusted: risk score 5/100
Last scan: 2 days ago
chrome-cdp
Interacts with a local Chrome-family browser session over CDP when the user explicitly asks to inspect, debug, or interact with a page they already have open.
The chrome-cdp skill is a legitimate local browser automation tool that uses Chrome's DevTools Protocol over WebSocket. No malicious behavior, network exfiltration, credential harvesting, or obfuscation was detected.
Skill name: chrome-cdp
Analysis time: 29.5s
Engine: pi
Verdict: safe to install
This skill is safe for use. Ensure users understand it controls the local browser session when remote debugging is enabled.

Security findings (4)

[Info] Pre-scan false positive: base64 decoding (scripts/cdp.mjs:314)
The flagged Buffer.from(data, 'base64') at line 314 is standard CDP screenshot handling: Page.captureScreenshot returns base64-encoded PNG data, which must be decoded before it is written to disk. This is not obfuscation.
    writeFileSync(out, Buffer.from(data, 'base64'));
→ No action needed. This is legitimate API usage.

[Low] Runtime directory permissions set to 0o700 (scripts/cdp.mjs:20)
The script sets umask(0o077) on non-Windows platforms and creates RUNTIME_DIR with mode 0o700, protecting the socket files and page cache from other local users.
    if (!IS_WINDOWS) process.umask(0o077);
→ Positive security measure.

[Low] URL validation prevents non-http(s) navigation (scripts/cdp.mjs:305)
The nav command validates URLs and rejects anything other than the http: and https: protocols, which blocks javascript: and file: URL attacks.
    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')
→ Positive security measure.

[Low] Only localhost connections (scripts/cdp.mjs:60)
The CDP WebSocket target defaults to 127.0.0.1. CDP_HOST can be overridden, but the connection is scoped to the local debugging port.
    const host = process.env.CDP_HOST || '127.0.0.1';
→ Network access is properly scoped to the local debugging interface.
Resource          | Declared | Inferred | Status       | Evidence
Browser           | WRITE    | WRITE    | ✓ Consistent | CDP commands: eval, click, type, nav, open; all are browser control operations
File system       | READ     | READ     | ✓ Consistent | Reads DevToolsActivePort files and the pages.json cache; writes screenshots
Network access    | NONE     | READ     | ✓ Consistent | WebSocket connects to 127.0.0.1 only (localhost Chrome debugging port); no exter…
Command execution | NONE     | NONE     |              | Uses child_process.spawn internally for daemon management; no arbitrary shell co…
Pre-scan pattern matches: 1 critical (1 finding)

[Critical] Encoded execution: Base64 encoded execution (code obfuscation), scripts/cdp.mjs:314
Matched pattern: Buffer.from(data, 'base64'
(The Info finding above classifies this pre-scan match as a false positive: the decoded data is a screenshot, not executed code.)

Directory structure

3 files · 35.4 KB · 992 lines
JavaScript: 1 file · 870 lines; Markdown: 1 file · 116 lines; JSON: 1 file · 6 lines
├─ scripts
│  └─ cdp.mjs (JavaScript, 870 lines, 30.6 KB)
├─ package.json (JSON, 6 lines, 144 B)
└─ SKILL.md (Markdown, 116 lines, 4.7 KB)

Security highlights

✓ No external network connections — only localhost WebSocket to Chrome debugging port
✓ No credential harvesting — does not read .env, .aws, .ssh, or environment variables for secrets
✓ No data exfiltration — no HTTP POST, fetch, or send of browser/page data to remote servers
✓ No remote script execution — no curl|bash, wget|sh, or eval(atob()) patterns
✓ No obfuscation or hidden functionality — all code paths are documented and traceable
✓ URL navigation is restricted to http/https only
✓ Runtime directory and socket files protected with 0o700 permissions
✓ Daemon auto-exits after 20 minutes of inactivity
✓ No pip/npm install requirements — reduces supply chain risk