Trust Assessment
claude-chrome received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Skill recommends using `--dangerously-skip-permissions` for browser automation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Skill recommends using `--dangerously-skip-permissions` for browser automation The skill explicitly instructs and recommends using the `--dangerously-skip-permissions` flag when executing `claude` for browser automation. This flag, as described in the skill, "auto-approve[s] all actions," granting `claude` unchecked control over the Chrome browser. This significantly increases the attack surface, as a compromised `claude` prompt (e.g., via prompt injection) or a malicious agent could perform arbitrary actions (e.g., data exfiltration, unauthorized transactions, credential harvesting) without user intervention. The flag's name itself indicates a high-risk operation. Advise against the routine use of `--dangerously-skip-permissions`. Explore alternative `claude` configurations that allow for more granular permission control or require explicit user confirmation for sensitive actions. If full automation is critical, ensure robust input sanitization and prompt validation for any user-provided input that feeds into `claude` prompts. | LLM | SKILL.md:30 |
Scan History
Embed Code
[](https://skillshield.io/report/b4422dfb281f1fd4)
Powered by SkillShield