← 返回 Skills 市场
925
总下载
2
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install mcp-chrome
功能描述
Control Chrome browser with AI using MCP protocol. Use when users want to automate browser tasks, take screenshots, fill forms, click elements, navigate page...
安全使用建议
This skill appears to do what it says (control your existing Chrome), but it requires installing an unpacked Chrome extension and a global native bridge that can read cookies, history, bookmarks, and capture network traffic — this is powerful and risky. Before installing: 1) Verify the publisher and repository (inspect the GitHub repo and npm package author, recent commits, and issues). 2) Review the extension and bridge source code (or ask a trusted reviewer) to confirm they do only the advertised MCP work and do not exfiltrate data. 3) Load and test in a dedicated/sandbox Chrome profile with no sensitive logins or data (or in a disposable VM/container). 4) Limit the agent's autonomy (require user invocation or disable automatic invocation) while you evaluate behavior. 5) After testing, remove the extension and uninstall the global package if not needed. 6) Prefer signed extensions or official store distribution and integrity checks (checksums, signatures). If you cannot verify the code and provenance, treat this as high-risk and avoid installing it in your main browser profile.
功能分析
Type: OpenClaw Skill
Name: mcp-chrome
Version: 0.1.1
This skill is classified as suspicious due to its extremely broad and high-privilege access to the user's Chrome browser, including existing login sessions, browsing history, bookmarks, and network traffic. Tools like `chrome_get_web_content` can extract any page content, `chrome_history` accesses sensitive browsing data, and `chrome_network_request` can send HTTP requests with browser cookies to arbitrary external endpoints. While these capabilities are described as part of legitimate browser automation, they present a significant risk for data exfiltration and unauthorized actions if the AI agent is compromised via prompt injection. The installation process also involves globally installing an npm package (`mcp-chrome-bridger`) and loading an unpacked Chrome extension from GitHub, requiring substantial trust in these external components.
能力评估
Purpose & Capability
The name/description (Chrome automation using MCP) matches the SKILL.md: it documents navigation, screenshots, form filling, history/bookmark access, and network capture. The capabilities requested are consistent with automating and interacting with an existing Chrome instance.
Instruction Scope
The runtime instructions instruct the user to install a global npm native bridge and load an unpacked Chrome extension that will connect to a local MCP server. Those components explicitly enable access to browsing history, bookmarks, existing login sessions (cookies), console output, and network request capture — all highly sensitive. The SKILL.md does not instruct the agent to exfiltrate data, but it gives the skill the ability to read and act on personal data in the browser (and to send requests using browser cookies). There is no guidance in the document about limiting scope or auditing the extension/bridge code.
Install Mechanism
There is no formal install spec in the skill bundle, but SKILL.md instructs the user to install an npm package globally (mcp-chrome-bridger) and to load a Chrome extension from a GitHub Releases archive. npm and GitHub Releases are common distribution channels, but the referenced repo/author (femto/mcp-chrome) and package are not accompanied by provenance, integrity checks, or a homepage. Installing a global binary and an unpacked extension is persistent and can be abused if the source is untrusted.
Credentials
The declared requirements list no environment variables or binaries, but the SKILL.md effectively requires installing software that will access browser internals (cookies, history, bookmarks) and run a local server. The skill requests broad, sensitive browser-level privileges that are proportionate to implementing 'use existing sessions' but are not explicitly declared or constrained in the metadata — there is a mismatch between the metadata (no credentials/config) and the real runtime privileges the extension + bridge will gain.
Persistence & Privilege
Although always:false, the installation flow includes a persistent Chrome extension and a globally installed native bridge that can run a background local server (e.g., listening on localhost:12306). These create ongoing local presence and a long‑lived channel into the browser if left installed. The skill does not describe uninstall/verification steps or least-privilege controls.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install mcp-chrome - 安装完成后,直接呼叫该 Skill 的名称或使用
/mcp-chrome触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
- Added comprehensive SKILL.md with clear setup instructions, usage examples, and tool documentation.
- Detailed feature comparison with Playwright MCP and outlined unique advantages.
- Provided troubleshooting tips and multi-client support information.
- Listed over 20 available browser automation tools and their descriptions.
- Included resource links for GitHub, npm, and releases.
元数据
常见问题
mcp-chrome 是什么?
Control Chrome browser with AI using MCP protocol. Use when users want to automate browser tasks, take screenshots, fill forms, click elements, navigate page... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 925 次。
如何安装 mcp-chrome?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install mcp-chrome」即可一键安装,无需额外配置。
mcp-chrome 是免费的吗?
是的,mcp-chrome 完全免费(开源免费),可自由下载、安装和使用。
mcp-chrome 支持哪些平台?
mcp-chrome 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 mcp-chrome?
由 femto(@femto)开发并维护,当前版本 v0.1.1。
推荐 Skills