← Back to Skills Marketplace
podcasting101

Chrome Devtools

by podcasting101 · GitHub ↗ · v0.1.1
cross-platform ⚠ suspicious
2270
Downloads
2
Stars
20
Active Installs
2
Versions
Install in OpenClaw
/install chrome-devtools
Description
Uses Chrome DevTools via MCP for efficient debugging, troubleshooting and browser automation. Use when debugging web pages, automating browser interactions,...
README (SKILL.md)

Core Concepts

Browser lifecycle: Browser starts automatically on first tool call using a persistent Chrome profile. Configure via CLI args in the MCP server configuration: npx chrome-devtools-mcp@latest --help.

Page selection: Tools operate on the currently selected page. Use list_pages to see available pages, then select_page to switch context.

Element interaction: Use take_snapshot to get page structure with element uids. Each element has a unique uid for interaction. If an element isn't found, take a fresh snapshot - the element may have been removed or the page changed.

Workflow Patterns

Before interacting with a page

  1. Navigate: navigate_page or new_page
  2. Wait: wait_for to ensure content is loaded if you know what you look for.
  3. Snapshot: take_snapshot to understand page structure
  4. Interact: Use element uids from snapshot for click, fill, etc.

Efficient data retrieval

  • Use filePath parameter for large outputs (screenshots, snapshots, traces)
  • Use pagination (pageIdx, pageSize) and filtering (types) to minimize data
  • Set includeSnapshot: false on input actions unless you need updated page state

Tool selection

  • Automation/interaction: take_snapshot (text-based, faster, better for automation)
  • Visual inspection: take_screenshot (when user needs to see visual state)
  • Additional details: evaluate_script for data not in accessibility tree

Parallel execution

You can send multiple tool calls in parallel, but maintain correct order: navigate → wait → snapshot → interact.

Troubleshooting

If chrome-devtools-mcp is insufficient, guide users to use Chrome DevTools UI:

If there are errors launching chrome-devtools-mcp or Chrome, refer to https://github.com/ChromeDevTools/chrome-devtools-mcp/blob/main/docs/troubleshooting.md.

Usage Guidance
This skill appears to do what it says (control Chrome DevTools), but consider these risks before installing: - Supply-chain: skill.json uses `npx ...@latest` which fetches the latest package each run. Prefer a pinned version or preinstall/verify the package to avoid unexpected code changes. - Sandbox: it launches Chrome with `--no-sandbox` and `--disable-setuid-sandbox`. Running Chrome without sandboxing increases risk — run the skill only in isolated, ephemeral containers or VMs. - Privacy: the SKILL.md mentions a persistent Chrome profile. That profile can contain history, cookies, and credentials. Ensure the MCP configuration uses an isolated/profile dedicated to the agent, or explicitly document the profile path and access controls. - Disk and network egress: the skill suggests writing large outputs to filePath; control where files are written and monitor network egress for the MCP process. - What to ask the maintainer: request a pinned package version, a reproducible install method (not implicit npx@latest), explicit documentation of what profile/path the MCP server uses, and justification for the `--no-sandbox` flags. If you can't get those, run the skill in a tightly sandboxed environment or avoid installing it.
Capability Analysis
Type: OpenClaw Skill Name: chrome-devtools Version: 0.1.1 The skill is classified as suspicious due to two main security concerns found in `skill.json`. First, it uses `npx chrome-devtools-mcp@latest`, which introduces a supply chain risk as the skill's behavior can change without explicit review if the `latest` version of the npm package is compromised. Second, and more critically, it launches Chrome with `--chrome-arg=--no-sandbox` and `--chrome-arg=--disable-setuid-sandbox`. These flags disable critical security sandboxing, making the agent highly vulnerable to browser exploits that could lead to arbitrary code execution on the host system if it interacts with a malicious webpage. This constitutes a severe vulnerability.
Capability Assessment
Purpose & Capability
Name and description align with the actual runtime command (npx chrome-devtools-mcp@latest). The skill is designed to control Chrome DevTools via MCP and the instructions describe the expected tool calls and workflow.
Instruction Scope
SKILL.md stays within the claimed scope (navigation, snapshot, snapshot-based element interaction, screenshots, evaluate_script). However it references using a persistent Chrome profile and writing large outputs to file paths (filePath), which implies access to local profile data and disk storage; those data-access implications are not declared in requires.env or required config paths.
Install Mechanism
There is no static install spec, but skill.json causes runtime execution of `npx chrome-devtools-mcp@latest`. Fetching an unpinned `@latest` package via npx at runtime is a supply-chain risk (package content can change between runs). This dynamic retrieval is higher risk than a pinned release or vendored dependency.
Credentials
The skill declares no environment variables or config paths, but SKILL.md's use of a persistent Chrome profile implicitly requires access to a Chrome profile directory (browsing history, cookies, saved credentials). That implicit access is not documented as required configuration or limited, which is a privacy/credential exposure concern.
Persistence & Privilege
always:false (good) and autonomous invocation is allowed (normal). However, autonomous runs will dynamically download and execute an unpinned npm package and launch Chrome with `--no-sandbox`/`--disable-setuid-sandbox`, which increases the blast radius if the fetched package or page contents are malicious. The lack of explicit sandboxing or pinned artifacts elevates risk.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install chrome-devtools
  3. After installation, invoke the skill by name or use /chrome-devtools
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.1
- Added skill.json file to define or enhance skill metadata. - No changes made to functionality or documentation in SKILL.md.
v0.1.0
Initial release of chrome-devtools skill. - Enables web page automation, debugging, and performance analysis using Chrome DevTools via MCP. - Supports lifecycle management, multi-page handling, and unique element interaction using persistent Chrome profiles. - Provides efficient data retrieval methods, parallel tool calls, and both automation (structure/text-based) and visual inspection (screenshots). - Offers troubleshooting steps and links to detailed Chrome DevTools documentation for advanced help.
Metadata
Slug chrome-devtools
Version 0.1.1
License
All-time Installs 22
Active Installs 20
Total Versions 2
Frequently Asked Questions

What is Chrome Devtools?

Uses Chrome DevTools via MCP for efficient debugging, troubleshooting and browser automation. Use when debugging web pages, automating browser interactions,... It is an AI Agent Skill for Claude Code / OpenClaw, with 2270 downloads so far.

How do I install Chrome Devtools?

Run "/install chrome-devtools" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Chrome Devtools free?

Yes, Chrome Devtools is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Chrome Devtools support?

Chrome Devtools is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Chrome Devtools?

It is built and maintained by podcasting101 (@podcasting101); the current version is v0.1.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments