Public scan brief
ChromeDevTools/chrome-devtools-mcp security scan
Partial no-execution triage for the public Chrome DevTools MCP repo. This is a heuristic scan of selected public text files, not a commissioned audit, vulnerability disclosure, or security certification.
Repo: ChromeDevTools/chrome-devtools-mcp
Score: 72/100 (heuristic)
Snapshot: 87 selected files scanned
Signals: 0 high / 2 medium / 2 low
Top findings
DevTools access should be reviewed like browser control
The fetched slice shows positive test and annotation signals, while still producing medium-priority review areas around remote listener exposure and write-action confirmation. A human pass would validate launch mode, trusted clients, and sensitive page data handling.
Med: Remote listener needs an explicit exposure policy.
Med: Write actions should have confirmation and test coverage.
Low: Credential paths detected; redaction appears present.
Pass: Tool annotations and tests appeared in the fetched slice.
Paid handoff
Convert this scan into a fixed-scope review
- Confirm Chrome/DevTools launch and connection modes.
- Map page observation, action, network, console, and file exposure boundaries.
- Validate redaction, trusted clients, and write gates against source evidence.
- Pay USD $1,000 only after written scope acceptance.