github · chrome-devtools-mcpf90f863d4b9d

Hardcoded secret detected in source. MCP servers often proxy between the model and a third-party API, so any committed credential grants that access to anyone who can read the repo. Move to an environment variable or secret manager and rotate the leaked value.

const cruxManager = DevTools.CrUXManager.CrUXManager.instance();

  // go/jtfbx. Yes, we're aware this API key is public. ;)

  cruxManager.setEndpointForTesting(

    'https://chromeuxreport.googleapis.com/v1/records:queryRecord?key=AIzaSyBn5gimNjhiEyA_euicSKko6IlD3HdgUfk',

  );

  const cruxSetting =

    DevTools.Common.Settings.Settings.instance().createSetting('field-data', {

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

Example without arguments: `() => {

  return document.title

}` or `async () => {

  return await fetch("example.com")

}`.

  Example with arguments: `(el) => {

  return el.innerText;

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

name: 'function',

        type: 'string',

        description:

          'A JavaScript function declaration to be executed by the tool in the currently selected page.\nExample without arguments: `() => {\n  return document.title\n}` or `async () => {\n  return await fetch("example.com")\n}`.\nExample with arguments: `(el) => {\n  return el.innerText;\n}`\n',

        required: true,

      },

      args: {

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

htmlContent: `

      <h1>Network Test</h1>

      <script>

        fetch('/network_test.html'); // Self fetch to ensure at least one request

      </script>

    `,

  },

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

if (cachePath) {

  try {

    const response = await fetch(`${getRegistry()}/chrome-devtools-mcp/latest`);

    const data = response.ok ? await response.json() : null;

    if (

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

Example without arguments: \`() => {

  return document.title

}\` or \`async () => {

  return await fetch("example.com")

}\`.

Example with arguments: \`(el) => {

  return el.innerText;

Package declares an install-time hook (npm postinstall/preinstall/prepare, setup.py cmdclass override, custom setuptools install class, or non-default pyproject build-backend). Anyone installing this package runs the hook. Confirm the hook is necessary and review its contents; prefer shipping a plain library without install-time execution.

"test:no-build": "node scripts/test.mjs",

    "test:only": "npm run build && node scripts/test.mjs --test-only",

    "test:update-snapshots": "npm run build && node scripts/test.mjs --test-update-snapshots",

    "prepare": "node scripts/prepare.ts",

    "verify-server-json-version": "node scripts/verify-server-json-version.ts",

    "update-lighthouse": "node scripts/update-lighthouse.ts",

    "update-metrics": "node scripts/update_metrics.ts",

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

release-please:

    runs-on: ubuntu-latest

    steps:

      - uses: googleapis/release-please-action@v5

        with:

          token: ${{ secrets.BROWSER_AUTOMATION_BOT_TOKEN }}

          target-branch: main