Description

Use this skill when you need to access or control a live Chrome browser through the local Chrome DevTools MCP middleware at http://127.0.0.1:8787/mcp, especi...

README (SKILL.md)

chromedev

Name: Chrome MCP Tools
Author: mallocfeng

Use this skill when the user wants browser backed data from real web pages through the local chrome-devtools-mcp middleware running at http://127.0.0.1:8787/mcp.

This skill is for cases where rendered browser state matters, including JavaScript heavy sites, login state in the user's Chrome, interaction flows, screenshots, DOM snapshots, or page data that should come from the live browser instead of plain HTTP fetches.

Connection model

chromedev run is the long lived daemon. It is the layer that keeps the upstream chrome-devtools-mcp process attached to Chrome.
The bundled http_mcp_call.mjs script is intentionally short lived. Each invocation only sends a bounded MCP request to the local daemon.
Do not try to keep a client side MCP HTTP session open in order to preserve Chrome authorization. Chrome authorization belongs to the daemon side connection, not to an individual skill invocation.
If the daemon is healthy, short lived skill calls should not require Chrome to re-authorize on every request.

Primary behavior

If the user gives a URL, open it and extract the page content.
If the page is a list page, return the visible list content in order.
If the task takes multiple browser steps, emit short progress updates while it runs.

This workflow is otherwise a black box to the user, so visible progress output is required. Output is not optional in this skill.

Output rules

If the user explicitly asks for 摘要, 总结, 要点, recap, summary, then produce a summary.
Otherwise, return extracted page content faithfully and concisely.
If paywall or login blocks full text, say what you can see and what is blocked.
If a chromedev MCP call fails with errors such as Not connected, first inspect with chromedev doctor. If it reports stale/orphan chromedev processes or the retry fails, run one recovery cycle with chromedev stop --all, then chromedev run, and retry the failed page operation once. Only report the error to the user if the retry also fails.

Progress reporting

Do not send intermediate progress updates to Telegram or any other chat tool. Focus on producing the final extracted answer or summary directly. Current agent progress and final user facing answer must not trigger extra chat-tool delivery side effects. When the final extracted answer or summary is ready, deliver the final answer once. The final extracted answer or summary must not be streamed token by token. Buffer the final answer first, then send it as one complete final output.

Timeline guarantee

If a step fails, emit the failure status immediately and stop or recover.
If a step is waiting on external input, emit the waiting status immediately when the wait begins.
The final answer must be the terminal visible success output.
The final answer must be sent in one completed block, not as a streaming preview.

Progress message constraints

Never include the original URL, any raw link, or full page text in any auxiliary status text.
Do not restate or recap completed progress steps after the final answer is ready.
Do not append a trailing success/progress line after the final answer.
Do not use streaming progress text as the vehicle for the final answer body.
Do not call openclaw message send for this workflow.
Do not send intermediate status messages to Telegram or any chat tool.
The final extracted answer or summary itself should be the only user visible success output.
The final extracted answer or summary must not be followed by any extra progress, recap, completion, or status line.
The final extracted answer or summary must be delivered non-streaming.

Bad pattern, do not do this

Do not send 完成, 成功, 已提取, or similar status text after the final answer body.
Do not use a progress update as the container for the final answer.
Do not stream the final summary or final extracted answer line by line or token by token.
Do not let the final answer remain inside a draft/preview message lifecycle.
Do not call openclaw message send or any equivalent chat-tool delivery command during this workflow.

Preconditions

Check the npm published version once at the start of the session with npm view @mallocfeng/chromedev version. Then check the local CLI version with chromedev version. If chromedev is missing, the local version command is unavailable, or the npm version is newer than the local version, install the explicit npm version with npm install -g @mallocfeng/chromedev@\x3Cnpm-version>, then continue. Do not repeat this check for every page task unless a command call fails.
Check whether the local middleware is already running on 127.0.0.1:8787. If it is not running, start it automatically with chromedev run, then re-check the endpoint before using MCP tools.
If the endpoint exists but MCP calls fail with Not connected or similar connection/binding errors, run chromedev doctor first. If there are orphan/multiple chrome-devtools-mcp processes or the retry fails, run one recovery cycle: chromedev stop --all → chromedev run → retry once.
On first connection, Chrome may show a remote debugging authorization prompt. Wait up to 30 seconds for the user to approve it.
Treat HTTP session errors and Chrome attachment errors differently. A missing MCP HTTP session does not by itself mean Chrome authorization was lost.

Quick endpoint check

curl -i http://127.0.0.1:8787/mcp

A response like 400 Bad Request with No sessionId means the endpoint exists and is healthy. This is expected because the daemon serves short lived stateless HTTP requests while keeping the upstream Chrome connection alive in the background.

Workflow

Confirm the latest npm version once per session with npm view @mallocfeng/chromedev version, then compare it with chromedev version. If the local command is missing, too old to print a version, or older than npm, force install the explicit npm version with npm install -g @mallocfeng/chromedev@\x3Cnpm-version>.
Confirm the middleware is running. If not, run chromedev run and then re-check http://127.0.0.1:8787/mcp.
Connect to http://127.0.0.1:8787/mcp.
If any MCP tool call fails with connection-style errors such as Not connected, target closed, or similar startup/binding failures, run chromedev doctor to check for stale daemon state or multiple DevTools clients. Then try exactly one recovery cycle if needed: chromedev stop --all → chromedev run → retry the original page operation once.
If the user explicitly provided a URL, open the target page first with new_page. Do not try to recover by opening a blank page or any synthetic page.
For explicit URL tasks, do not call list_pages before the first new_page.
After new_page, assume the new tab is already the selected page. Do not call list_pages/select_page unless take_snapshot/evaluate_script fails with a "no selected page" or similar error.
If the user did not provide a URL and wants the current page or an existing tab, then inspect current pages and select the right page.
Prefer evaluate_script for a fast, bounded extraction (title/byline/time/body) first, then fall back to take_snapshot when the DOM is hard to parse or blocked.
Use wait_for only when the page is still loading and you know a stable text or UI state to wait on (keep it short).
Return extracted data, not protocol noise.
Once the final answer body is ready, buffer the full final answer and deliver only that final answer as one complete non-streaming output.

How to interpret requests

When the user gives a URL, treat it as a request to read that page.

Open the target page directly first.
Do not attempt recovery by opening about:blank or any placeholder page.
Do not inspect existing pages before the first new_page for explicit URL tasks.
If the user asks for summary, return a summary.
If the user asks for page content, return extracted content.
If the user asks for list content, return the visible list items in order.

Preferred tool order

For explicit URL tasks: new_page.
Then: evaluate_script (fast extract, keep output bounded).
Fallback: take_snapshot (slower, but robust when the DOM is messy).
For current-page or existing-tab tasks: list_pages, then select_page.
wait_for only when you have a reliable, small string to wait on.
take_screenshot only when visuals matter.

Command line client

The npm package includes a reusable request client exposed through:

chromedev call \x3Ctool_name> [json_arguments]

It connects to the local HTTP MCP endpoint and calls one tool. Prefer chromedev call because it uses the request client bundled with the installed npm package and does not depend on the current skill directory containing a scripts folder.

This skill source also includes the same reusable script for development:

scripts/http_mcp_call.mjs

The script is not the persistent connection holder. It is only a request client for the already running local daemon.

When using chromedev call, the npm package's bundled dependencies should be used automatically. Only install @modelcontextprotocol/sdk in the current workspace if you intentionally run scripts/http_mcp_call.mjs directly and the dependency is missing.

WORKSPACE="$(git rev-parse --show-toplevel 2>/dev/null || pwd -P)"
cd "$WORKSPACE" && npm install @modelcontextprotocol/sdk

Common commands

Check and install the latest published chromedev

REMOTE_VERSION="$(npm view @mallocfeng/chromedev version 2>/dev/null || true)"
LOCAL_VERSION="$(chromedev version 2>/dev/null | sed -E 's/^.*@([0-9]+\.[0-9]+\.[0-9]+).*$/\1/' || true)"

if [ -z "$REMOTE_VERSION" ]; then
  echo "Could not read @mallocfeng/chromedev version from npm"
elif [ -z "$LOCAL_VERSION" ] || node -e 'const [l,r]=process.argv.slice(1); const a=l.split(".").map(Number); const b=r.split(".").map(Number); process.exit(b[0]>a[0] || (b[0]===a[0] && b[1]>a[1]) || (b[0]===a[0] && b[1]===a[1] && b[2]>a[2]) ? 0 : 1)' "$LOCAL_VERSION" "$REMOTE_VERSION"; then
  npm install -g "@mallocfeng/chromedev@$REMOTE_VERSION"
  hash -r 2>/dev/null || true
fi

Start the service if the endpoint is not already listening

curl -s -o /dev/null http://127.0.0.1:8787/mcp || chromedev run

Recover from a stuck/not-connected session

chromedev doctor
chromedev stop --all
chromedev run

List current pages

chromedev call list_pages

Open a page

chromedev call new_page '{"url":"\x3CURL>","timeout":30000}'

For explicit URL tasks, do this first. Do not begin by opening about:blank or any recovery page.

Get a snapshot

chromedev call take_snapshot

Extract title and a bounded article body (fast path)

chromedev call evaluate_script '{"function":"() => {\
  const pick = () => document.querySelector(\"article\") || document.querySelector(\"main\") || document.body;\
  const el = pick();\
  const text = (el?.innerText || \"\").replace(/\\s+\\
/g, "\\
").trim();\
  return {\
    title: document.title,\
    url: location.href,\
    byline: document.querySelector(\"[data-testid=byline]\")?.innerText || document.querySelector(\".byline\")?.innerText || \"\",\
    time: document.querySelector(\"time\")?.getAttribute(\"datetime\") || document.querySelector(\"time\")?.innerText || \"\",\
    text: text.slice(0, 20000),\
    textLength: text.length\
  };\
}"}'

Note: never forward raw URL in Telegram progress messages.

Wait for specific text

chromedev call wait_for '{"text":["\x3CTEXT>"],"timeout":30000}'

Extraction guidance

Fast path first: use evaluate_script to extract a bounded body string (e.g. article/main innerText) plus title/byline/time, then summarize from that.
Fallback: use take_snapshot for readable page content and structure when extraction is blocked or the DOM is hard to parse.
Use evaluate_script for precise fields, arrays, links, prices, tables, or JSON shaped output.
Use wait_for only if a page is visibly still loading and you know a reliable text to wait on.
For list pages, preserve order and return item text and link targets.
- Link targets are allowed in the final user facing extraction output.
- Link targets are never allowed in Telegram progress messages.
For article pages, extract title, author, publish date when visible, then the article body text.

Operational notes

Keep browser state intact unless the user asked for navigation or interaction.
If a tool call hangs near connection start, assume Chrome may be waiting for the authorization dialog.
Prefer returning concise extracted data over full raw snapshots unless the user asked for raw output.
Do not expose the local MCP endpoint outside 127.0.0.1.
Do not treat a per call MCP HTTP session as the source of truth for Chrome attachment. The daemon process is the long lived connection holder.
Do not send Telegram progress updates during this workflow.
Do not send a final Telegram/chat-tool success status after the final extracted answer or summary is ready.
In Telegram-like channels with stream previews, never stream the final answer through the preview channel; finalize the content first and then send the final answer once.

Usage Guidance

This skill will access your live Chrome browser (including cookies and any logged‑in sessions) via a local daemon and may install and run a third‑party npm package globally. The registry metadata does not declare the required binaries or the npm install step — treat that as a red flag. Before installing or allowing autonomous use: (1) verify and trust the npm package @mallocfeng/chromedev (inspect its source on npm/GitHub); (2) prefer to manually install the chromedev CLI yourself instead of allowing the skill to run npm install -g; (3) run the skill in a non‑sensitive environment or with a separate browser profile if you have private data open; (4) ask the skill author to add an explicit install spec and required-binaries list and to document exactly what browser data is accessed. If you cannot verify the npm package author or source, avoid granting this skill autonomous permission to install or run system commands.

Capability Analysis

Type: OpenClaw Skill Name: chromedev Version: 1.0.6 The skill 'chromedev' (v1.0.6) is classified as suspicious due to potential shell injection vulnerabilities in the installation and update logic found in SKILL.md. The instructions direct the agent to execute shell commands that incorporate output from 'npm view' and local CLI versions without sanitization, which could allow arbitrary command execution if the npm package metadata for '@mallocfeng/chromedev' is manipulated. While the skill's purpose of browser automation via a local MCP middleware (http://127.0.0.1:8787/mcp) is clearly defined, the reliance on global npm installations and unsanitized shell scripts poses a security risk.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md clearly intends to control a local Chrome DevTools MCP daemon and may legitimately need local CLI tools (chromedev, npm, curl). However, the registry metadata declares no required binaries, no install spec, and no environment variables, which is inconsistent with the runtime instructions that expect npm, a chromedev CLI, and curl to be available (and even instructs installing a global npm package).

⚠ Instruction Scope

The instructions direct the agent to run local commands (curl checks, chromedev version/doctor/run/stop), perform network queries to npm (npm view), and potentially install a global npm package (@mallocfeng/chromedev). They also require controlling a long‑lived daemon attached to the user's Chrome and therefore can access rendered pages, cookies, and any authenticated state in the browser. Those actions go beyond simple page-fetching and have real access to sensitive local browser state; the SKILL.md does not declare or justify these requirements in the registry metadata.

⚠ Install Mechanism

There is no install spec in the registry, but the skill explicitly tells the agent to run npm view and to npm install -g @mallocfeng/chromedev@<version> when needed. That means the skill relies on fetching and running code from the public npm registry at runtime (a moderate-to-high risk install path) and may require global package install privileges. The package name and author are not validated in the registry metadata and no checksum or trusted source is declared.

⚠ Credentials

The skill requests no environment variables in metadata, yet it will access local resources with high sensitivity: the user's live Chrome instance (cookies, sessions, auth tokens) via the MCP middleware and will perform network calls to npm. The absence of declared required binaries/env vars is misleading; the actions it performs are proportionally significant and should be explicitly declared so a user can consent knowingly.

ℹ Persistence & Privilege

The skill is not marked always:true, but it instructs starting a long‑lived daemon (chromedev run) and may stop/start processes (chromedev stop --all). Those operations modify system state and run persistent processes, but they are coherent with the stated purpose. Still, starting/stopping daemons and installing global npm packages are privileged actions the user should be aware of before allowing autonomous execution.

Version History

v1.0.6

chromedev 1.0.6 - Adds automatic version checks: Compares the latest published npm version of `@mallocfeng/chromedev` with the local CLI version at session start. If missing or outdated, installs the latest. - Installs exact npm version if needed, improving reliability and ensuring up-to-date features. - Workflow and precondition steps updated to include this version verification before any further actions. - No other user-facing behavior or interface changes.

v1.0.5

chromedev 1.0.5 - Adds support for starting the middleware automatically with chromedev run if it is not running. - Error recovery now runs chromedev doctor to diagnose stale or orphaned DevTools processes, and uses chromedev stop --all in recovery cycles. - Ensures the endpoint is re-checked after starting the middleware. - Updates recovery and precondition logic for improved reliability with multiple or stale daemon processes. - Bumps version in skill metadata.

v1.0.3

- Removes 4 files, including legacy metadata and script files, for a cleaner codebase. - Adds automatic recovery: if an MCP call fails with connection errors (e.g., "Not connected"), the skill now runs chromedev stop, then chromedev run, and retries the operation once before reporting an error. - Clarifies the connection model: emphasizes that the chromedev daemon maintains the Chrome connection, while skill invocations are short-lived and stateless. - Updates preconditions and workflow to distinguish between HTTP session errors and Chrome authorization, enabling smarter error handling. - Keeps all output, progress, and delivery rules unchanged; all extracted or summarized content is still buffered and sent as one complete, non-streaming message.

v1.0.2

chromedev v1.0.2 changelog - Added metadata files: `.clawhub/origin.json` and `_meta.json` for improved project tracking and management. - Revised SKILL.md to clarify progress reporting: final extracted answers or summaries are now delivered as non-streaming, single complete outputs with no trailing status text or streaming previews. - Updated workflow guidelines to prioritize non-chat progress messaging, explicit output rules, and robust failure/status signaling. - Enhanced extraction protocol: use `evaluate_script` for fast, bounded output where possible, and fall back to `take_snapshot` as needed. - Improved instructions for tool ordering and command-line usage, emphasizing single-step tab handling and avoiding unnecessary page listing or selection unless required by tool failure. - Refined language around auxiliary messaging to ensure user-facing output is concise and not interrupted by progress or draft updates.

v1.0.1

chromedev 1.0.1 - Clarified that, if the Chrome DevTools local middleware is not running, the user should be prompted to start it with chromedev run. - Updated workflow and operational notes to require a pre-check for the running middleware and instruct the user if it is missing. - No functional or code changes; documentation clarification only.

v1.0.0

ChromeDev is a local MCP middleware and skill extension for a live Chrome browser. It wraps chrome-devtools-mcp into a persistent local service and uses --autoConnect to connect to the user’s running Chrome instance. The user only needs to confirm the connection once on first access, and after that ChromeDev can maintain a long-lived connection without repeatedly asking for authorization. The workflow is straightforward: enable remote debugging in Chrome, then run chromedev run. After the initial confirmation, AI can reliably access open tabs, page content, DOM structure, list pages, snapshots, and script-evaluated data. ChromeDev also includes a small command set for basic operation: chromedev run to start the service and keep the Chrome connection alive in the background chromedev run --foreground to run it in the foreground for debugging chromedev stop to stop the service chromedev status to check whether it is running chromedev logs to show log file locations You can also test the bundled mjs helper directly against the local MCP service: List open tabs: node skills/chromedev/scripts/http_mcp_call.mjs list_pages Open Google: node skills/chromedev/scripts/http_mcp_call.mjs new_page '{"url":"https://www.google.com","timeout":30000}' Read the current page content: node skills/chromedev/scripts/http_mcp_call.mjs take_snapshot Extract page title and URL: node skills/chromedev/scripts/http_mcp_call.mjs evaluate_script '{"function":"() => ({ title: document.title, url: location.href })"}' This makes ChromeDev a strong fit for news pages, article pages, list pages, portals, and JavaScript-heavy sites, and it works well in OpenClaw-style workflows where the chromedev skill is used to keep reading live browser content continuously. ChromeDev 是一个面向本地 Chrome 浏览器的 MCP 中间件和 skill 扩展。它把 chrome-devtools-mcp 封装成一个可常驻运行的本地服务，支持通过 --autoConnect 连接当前正在使用的 Chrome。用户只需要在第一次访问时点一次确认，之后就可以建立并保持长期连接，避免每次都反复弹出授权确认。使用方式很简单：先在 Chrome 中开启远程调试，然后运行 chromedev run。初次确认完成后，AI 就可以稳定访问当前打开的网页内容、DOM 结构、列表页、页面快照和脚本执行结果。 ChromeDev 自带一组基础命令，常用操作如下： chromedev run：启动本地服务，后台保持和 Chrome 的连接 chromedev run --foreground：以前台方式启动，方便调试 chromedev stop：停止服务 chromedev status：查看当前运行状态 chromedev logs：查看日志路径如果要测试 mjs 调用，也可以直接用命令行访问当前 MCP 服务：查看当前 tab 列表： node skills/chromedev/scripts/http_mcp_call.mjs list_pages 打开 Google： node skills/chromedev/scripts/http_mcp_call.mjs new_page '{"url":"https://www.google.com","timeout":30000}' 读取当前页面内容： node skills/chromedev/scripts/http_mcp_call.mjs take_snapshot 提取页面标题和 URL： node skills/chromedev/scripts/http_mcp_call.mjs evaluate_script '{"function":"() => ({ title: document.title, url: location.href })"}' 它特别适合新闻页、文章页、列表页、门户网站和 JavaScript 动态渲染页面，也适合在 OpenClaw 之类的工作流里直接调用 chromedev skill，让 AI 持续读取浏览器里的实时内容。

Metadata

Slug chromedev

Version 1.0.6

License MIT-0

All-time Installs 2

Active Installs 2

Total Versions 6

Frequently Asked Questions

What is Chrome MCP Tools?

Use this skill when you need to access or control a live Chrome browser through the local Chrome DevTools MCP middleware at http://127.0.0.1:8787/mcp, especi... It is an AI Agent Skill for Claude Code / OpenClaw, with 296 downloads so far.

How do I install Chrome MCP Tools?

Run "/install chromedev" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Chrome MCP Tools free?

Yes, Chrome MCP Tools is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Chrome MCP Tools support?

Chrome MCP Tools is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Chrome MCP Tools?

It is built and maintained by mallocfeng (@mallocfeng); the current version is v1.0.6.

More Skills

Chrome MCP Tools