Security Audit
claude-chrome
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrations
Trust Assessment
claude-chrome received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include an unpinned dependency in the installation instructions.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit c7bd8e0f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned dependency in installation instructions. The installation instructions for the 'Chrome DevTools MCP' use `npx chrome-devtools-mcp@latest`. Using `@latest` means that the exact version of the package is not pinned. This makes the installation vulnerable to supply chain attacks if a malicious version is published under the same name or if the package maintainer's account is compromised, potentially leading to arbitrary code execution on the user's system. Remediation: pin the dependency to a specific, known-good version, e.g., `npx chrome-devtools-mcp@1.2.3`. This ensures that the same version is always installed, reducing the risk of unexpected or malicious changes. | Unknown | SKILL.md:120 |