Tracked packageView full profile for chrome-devtools-mcp

MCPSafe.io

Security pre-install checks for MCP servers.

Use with caution. Address findings before production.

Compare to another server

github · chrome-devtools-mcpHEAD

Item: chrome-devtools-mcp
Rating: 3
Author: MCPSafe

Scanned 5/3/2026, 6:55:30 PM·Cached result·Fast Scan·45 rules·How we decide ↗

AIVSS Score

4.0/ 10

Medium

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packagechrome-devtools-mcp

VersionHEAD

SourceGITHUB

LicenseApache-2.0

PublisherChromeDevTools

Package age7mo

Stars38.0K

Downloads/wk—

Dependencies0

Homepagehttps://npmjs.org/package/chrome-devtools-mcp

Repositoryhttps://github.com/ChromeDevTools/chrome-devtools-mcp

Findings

7 of 7 findings

medium (7)

7 findings

medium (7)

AIVSS 4.0CVSS 5.5

Hardcoded secret detected in source. MCP servers often proxy between the model and a third-party API, so any committed credential grants that access to anyone who can read the repo. Move to an environment variable or secret manager and rotate the leaked value.

Evidence

const cruxManager = DevTools.CrUXManager.instance();
  // go/jtfbx. Yes, we're aware this API key is public. ;)
  cruxManager.setEndpointForTesting(
    'https://chromeuxreport.googleapis.com/v1/records:queryRecord?key=AIzaSyBn5gimNjhiEyA_euicSKko6IlD3HdgUfk',
  );
  const cruxSetting =
    DevTools.Common.Settings.Settings.instance().createSetting('field-data', {

Remediation

Rotate the leaked credential immediately, then replace the hardcoded value with os.environ / process.env lookup. For deployment, inject the value through your secret manager (AWS Secrets Manager, Doppler, Vault).

Report false positive

AIVSS 2.5CVSS 4.0

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

Evidence

Example without arguments: `() => {
  return document.title
}` or `async () => {
  return await fetch("example.com")
}`.
  Example with arguments: `(el) => {
  return el.innerText;

Remediation

Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

name: 'function',
        type: 'string',
        description:
          'A JavaScript function declaration to be executed by the tool in the currently selected page.\nExample without arguments: `() => {\n  return document.title\n}` or `async () => {\n  return await fetch("example.com")\n}`.\nExample with arguments: `(el) => {\n  return el.innerText;\n}`\n',
        required: true,
      },
      args: {

Remediation

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

Example without arguments: \`() => {
  return document.title
}\` or \`async () => {
  return await fetch("example.com")
}\`.
Example with arguments: \`(el) => {
  return el.innerText;

Remediation

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

htmlContent: `
      <h1>Network Test</h1>
      <script>
        fetch('/network_test.html'); // Self fetch to ensure at least one request
      </script>
    `,
  },

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

Package declares an install-time hook (npm postinstall/preinstall/prepare, setup.py cmdclass override, custom setuptools install class, or non-default pyproject build-backend). Anyone installing this package runs the hook. Confirm the hook is necessary and review its contents; prefer shipping a plain library without install-time execution.

Evidence

"test:no-build": "node scripts/test.mjs",
    "test:only": "npm run build && node scripts/test.mjs --test-only",
    "test:update-snapshots": "npm run build && node scripts/test.mjs --test-update-snapshots",
    "prepare": "node --experimental-strip-types scripts/prepare.ts",
    "verify-server-json-version": "node --experimental-strip-types scripts/verify-server-json-version.ts",
    "update-lighthouse": "node --experimental-strip-types scripts/update-lighthouse.ts",
    "update-metrics": "node

Remediation

Prefer libraries that do not require install-time code execution: - Drop `postinstall`/`preinstall`/`prepare` scripts if the work can happen at runtime or build-time instead. - Ship pre-built native binaries rather than compiling via a custom `cmdclass` or `build_ext` override. - For Dockerfiles: replace `RUN curl … | sh` with a pinned download + checksum verification + explicit `RUN` of a named script. - If the hook is unavoidable, document exactly what it does so downstream reviewers

Report false positive

AIVSS 2.3CVSS 3.5

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

Evidence

release-please:
    runs-on: ubuntu-latest
    steps:
      - uses: googleapis/release-please-action@v5
        with:
          token: ${{ secrets.BROWSER_AUTOMATION_BOT_TOKEN }}
          target-branch: main

Remediation

Pin every `uses:` to a 40-character commit SHA. Trailing comment with the version helps reviewers: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` Automate the migration with `pinact` (https://github.com/suzuki-shunsuke/pinact) or `ratchet` (https://github.com/sethvargo/ratchet). Add a `pinact run --check` pre-commit hook so future PRs stay pinned. Re-pin when the action releases a new version — Dependabot can do this automatically with `version-update-strategy: inc

Report false positive

LLM summary— chrome-devtools-mcp:HEAD

This package carries a C grade with 7 medium-severity issues, primarily centered on resource exhaustion vulnerabilities (4 instances) and server configuration weaknesses (2 instances), plus one hardcoded secret that poses a credential exposure risk. While the safety score of 89/100 is respectable and no critical or high-severity flaws were found, the resource exhaustion risks could allow attackers to degrade performance or cause denial of service, making it unsuitable for production use without remediation. You should request fixes for the hardcoded secret and resource exhaustion handling before deployment.

Signal scores

CVE check100

Static68

Publisher identity50

Permissions100

Supply chain84

Typosquat100

Package health75

Community82

Injection risks100

Secrets & exfil92

Destructive ops100

LLM judge panel

CVE check

No known CVEs found for this package or its dependencies.

Community trust

No community reports

Security policy: Not found
Advisories: 0

Scan details

Total findings: 7
Affected tools: 0 / 1
Scan type: Fast Scan
Rules run: 45
LLM consensus score: N/A
Scanned: 55d ago
Source: GITHUB

MCP Server Information

Source: GITHUB
Package: chrome-devtools-mcp
Version: HEAD
License: Apache-2.0
Publisher: ChromeDevTools
Verified: No
Account age: 11y 2m
Added: 7 months ago
Versions: 38005
Homepage: https://npmjs.org/package/chrome-devtools-mcp
Repository: https://github.com/ChromeDevTools/chrome-devtools-mcp
Ecosystem: GitHub
Stars: 38.0K
Forks: 2.4K
Open issues: 107
Dependencies: 0

browserchromechrome-devtoolsdebuggingdevtoolsmcpmcp-serverpuppeteer

AIVSS Score

4.0/ 10Medium

Internal score: 89/100

Severity breakdown

Scan Details

Total findings7

Affected tools0 / 1

Scanned55d ago

Scan modeFAST

SourceGITHUB

Scan IDpubfast08177b14d6ecdd33863a

Want deeper analysis?

Fast scan found 7 findings using rule-based analysis. Upgrade for LLM consensus across 5 judges, AI-generated remediation, and cross-file taint analysis.

View plans Scan another package

Building your own MCP server?

Run this exact engine on your private repo — before users see it on /scan.

Same rules, same LLM judges, same grade. Private scans stay isolated to your account and never appear in the public registry. Required for code your team hasn’t shipped yet.

See plans with Private scans How private scans stay private

7 of 7 findings

medium (7)

7 findings

medium (7)

AIVSS 4.0CVSS 5.5

Evidence

const cruxManager = DevTools.CrUXManager.instance();
  // go/jtfbx. Yes, we're aware this API key is public. ;)
  cruxManager.setEndpointForTesting(
    'https://chromeuxreport.googleapis.com/v1/records:queryRecord?key=AIzaSyBn5gimNjhiEyA_euicSKko6IlD3HdgUfk',
  );
  const cruxSetting =
    DevTools.Common.Settings.Settings.instance().createSetting('field-data', {

Remediation

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

Example without arguments: `() => {
  return document.title
}` or `async () => {
  return await fetch("example.com")
}`.
  Example with arguments: `(el) => {
  return el.innerText;

Remediation

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

name: 'function',
        type: 'string',
        description:
          'A JavaScript function declaration to be executed by the tool in the currently selected page.\nExample without arguments: `() => {\n  return document.title\n}` or `async () => {\n  return await fetch("example.com")\n}`.\nExample with arguments: `(el) => {\n  return el.innerText;\n}`\n',
        required: true,
      },
      args: {

Remediation

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

Example without arguments: \`() => {
  return document.title
}\` or \`async () => {
  return await fetch("example.com")
}\`.
Example with arguments: \`(el) => {
  return el.innerText;

Remediation

Report false positive

AIVSS 2.5CVSS 4.0

Evidence

htmlContent: `
      <h1>Network Test</h1>
      <script>
        fetch('/network_test.html'); // Self fetch to ensure at least one request
      </script>
    `,
  },

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

"test:no-build": "node scripts/test.mjs",
    "test:only": "npm run build && node scripts/test.mjs --test-only",
    "test:update-snapshots": "npm run build && node scripts/test.mjs --test-update-snapshots",
    "prepare": "node --experimental-strip-types scripts/prepare.ts",
    "verify-server-json-version": "node --experimental-strip-types scripts/verify-server-json-version.ts",
    "update-lighthouse": "node --experimental-strip-types scripts/update-lighthouse.ts",
    "update-metrics": "node

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

release-please:
    runs-on: ubuntu-latest
    steps:
      - uses: googleapis/release-please-action@v5
        with:
          token: ${{ secrets.BROWSER_AUTOMATION_BOT_TOKEN }}
          target-branch: main

Remediation

Report false positive

235	const cruxManager = DevTools.CrUXManager.instance();
236	// go/jtfbx. Yes, we're aware this API key is public. ;)
237	cruxManager.setEndpointForTesting(
238	'https://chromeuxreport.googleapis.com/v1/records:queryRecord?key=AIzaSyBn5gimNjhiEyA_euicSKko6IlD3HdgUfk',
239	);
240	const cruxSetting =
241	DevTools.Common.Settings.Settings.instance().createSetting('field-data', {

323	Example without arguments: `() => {
324	return document.title
325	}` or `async () => {
326	return await fetch("example.com")
327	}`.
328	Example with arguments: `(el) => {
329	return el.innerText;

178	name: 'function',
179	type: 'string',
180	description:
181	'A JavaScript function declaration to be executed by the tool in the currently selected page.\nExample without arguments: `() => {\n return document.title\n}` or `async () => {\n return await fetch("example.com")\n}`.\nExample with arguments: `(el) => {\n return el.innerText;\n}`\n',
182	required: true,
183	},
184	args: {

29	Example without arguments: \`() => {
30	return document.title
31	}\` or \`async () => {
32	return await fetch("example.com")
33	}\`.
34	Example with arguments: \`(el) => {
35	return el.innerText;

16	htmlContent: `
17	<h1>Network Test</h1>
18	<script>
19	fetch('/network_test.html'); // Self fetch to ensure at least one request
20	</script>
21	`,
22	},

24	"test:no-build": "node scripts/test.mjs",
25	"test:only": "npm run build && node scripts/test.mjs --test-only",
26	"test:update-snapshots": "npm run build && node scripts/test.mjs --test-update-snapshots",
27	"prepare": "node --experimental-strip-types scripts/prepare.ts",
28	"verify-server-json-version": "node --experimental-strip-types scripts/verify-server-json-version.ts",
29	"update-lighthouse": "node --experimental-strip-types scripts/update-lighthouse.ts",
30	"update-metrics": "node

10	release-please:
11	runs-on: ubuntu-latest
12	steps:
13	- uses: googleapis/release-please-action@v5
14	with:
15	token: ${{ secrets.BROWSER_AUTOMATION_BOT_TOKEN }}
16	target-branch: main