How do I install Chrome MCP Server (Security Hardened)?

Install Chrome MCP Server (Security Hardened) with a single command: npx mdskills install Pantheon-Security/chrome-mcp-secure. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Chrome MCP Server (Security Hardened)?

Chrome MCP Server (Security Hardened) works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Chrome MCP Server (Security Hardened)

Name: Chrome MCP Server (Security Hardened): AI Agent Skill
Rating: 9 (1 reviews)
Author: Pantheon-Security

Verified

SecurityIntermediate

Enterprise-grade Chrome automation for AI agents with compliance-ready logging Enterprise Features • Compliance Logging • Security Features • Quick Start • Docker Deploy Built for corporate environments where security, compliance, and auditability are non-negotiable. SIEM-ready logging in industry-standard formats. Every tool execution, credential access, and security event is logged. - authentica

by @Pantheon-Security0Updated 1 weeks ago

Add this skill

npx mdskills install Pantheon-Security/chrome-mcp-secure

Fork & Edit

Skill Advisor9.0

Enterprise-grade Chrome automation MCP with post-quantum encryption, SIEM logging, and secure credential vault

+Provides 22 well-documented tools covering browser automation and secure credential management
+Implements comprehensive security features including post-quantum encryption, PII redaction, and CEF/Syslog compliance logging
+Includes production-ready deployment options with Docker, detailed setup scripts, and extensive configuration examples
-Declared permissions appropriately match the enterprise security and automation capabilities described

SKILL.md

Edit in Browser

1<div align="center">
2 
3# Chrome MCP Server (Security Hardened)
4 
5**Enterprise-grade Chrome automation for AI agents with compliance-ready logging**
6 
7[![Version](https://img.shields.io/badge/Version-2.3.0-brightgreen.svg)](./CHANGELOG.md)
8[![TypeScript](https://img.shields.io/badge/TypeScript-5.x-blue.svg)](https://www.typescriptlang.org/)
9[![MCP](https://img.shields.io/badge/MCP-2025-green.svg)](https://modelcontextprotocol.io/)
10[![Security](https://img.shields.io/badge/Security-Hardened-red.svg)](./SECURITY.md)
11[![Post-Quantum](https://img.shields.io/badge/Encryption-Post--Quantum-purple.svg)](./SECURITY.md#post-quantum-encryption)
12[![SOC2](https://img.shields.io/badge/SOC_2-Compatible-blue.svg)](#compliance-logging)
13[![CEF](https://img.shields.io/badge/CEF-SIEM_Ready-orange.svg)](#compliance-logging)
14[![License](https://img.shields.io/badge/License-MIT-yellow.svg)](./LICENSE)
15 
16[Enterprise Features](#enterprise-ready) • [Compliance Logging](#compliance-logging) • [Security Features](#security-features) • [Quick Start](#quick-start) • [Docker Deploy](#docker-deployment)
17 
18</div>
19 
20---
21 
22## Enterprise Ready
23 
24**Built for corporate environments** where security, compliance, and auditability are non-negotiable.
25 
26| Requirement | Solution |
27|-------------|----------|
28| **Audit Trails** | Hash-chained audit logs with tamper detection |
29| **SIEM Integration** | CEF (Splunk, ArcSight, QRadar) + Syslog (RFC 5424) |
30| **Credential Security** | Post-quantum encryption (ML-KEM-768 + ChaCha20-Poly1305) |
31| **Data Protection** | Auto-redaction of PII in screenshots and logs |
32| **Session Control** | Configurable timeouts, auto-expiry, inactivity lockout |
33| **Access Control** | Token-based authentication with brute-force protection |
34| **Compliance Logging** | OWASP-compliant event categories, correlation IDs |
35 
36### Compliance Standards Support
37 
38| Standard | Coverage |
39|----------|----------|
40| **SOC 2 Type II** | Audit logging, access controls, encryption at rest |
41| **GDPR** | Data minimization, right to erasure, audit trails |
42| **PCI DSS** | Credential protection, access logging, encryption |
43| **HIPAA** | Audit controls, access management, encryption |
44 
45---
46 
47## Compliance Logging
48 
49**SIEM-ready logging** in industry-standard formats. Every tool execution, credential access, and security event is logged.
50 
51### Output Formats
52 
53| Format | Use Case | Example |
54|--------|----------|---------|
55| **CEF** | Splunk, ArcSight, QRadar | `CEF:0\|Pantheon-Security\|Chrome-MCP-Secure\|2.3.0\|...` |
56| **Syslog** | Centralized logging (RFC 5424) | `<134>1 2025-12-16T10:30:00Z ...` |
57| **JSONL** | Elastic, custom pipelines | `{"timestamp":"...","category":"audit",...}` |
58 
59### Event Categories (OWASP-Compliant)
60 
61- `authentication` - Login attempts, session creation
62- `authorization` - Access control decisions
63- `credential` - Vault operations (store, retrieve, delete)
64- `audit` - Tool executions with timing
65- `security` - Rate limits, injection attempts, anomalies
66- `data_access` - Sensitive data retrieval
67 
68### Quick Configuration
69 
70```bash
71# Enable CEF logging for Splunk
72COMPLIANCE_LOG_FORMAT=cef
73COMPLIANCE_LOG_DIR=./logs/compliance
74 
75# Forward to remote syslog
76SYSLOG_HOST=siem.company.com
77SYSLOG_PORT=514
78```
79 
80### Example CEF Output
81 
82```
83CEF:0|Pantheon-Security|Chrome-MCP-Secure|2.3.0|audit:tool:navigate|tool:navigate|3|rt=1702732800000 outcome=success msg=Tool navigate executed: success request=https://internal.company.com cn1=1702732800-abc123 cn1Label=correlationId
84```
85 
86---
87 
88> **Security-hardened fork** of [lxe/chrome-mcp](https://github.com/lxe/chrome-mcp)
89> Maintained by [Pantheon Security](https://github.com/Pantheon-Security)
90 
91---
92 
93## Real-World Results
94 
95> **"We used this MCP for hours building out our security dashboard - the reliability was incredible. The amount of work we produced was huge compared to manual browser interaction."**
96> — Pantheon Security team
97 
98### Production Tested
99 
100| Metric | Result |
101|--------|--------|
102| **Session Duration** | 4+ hours continuous use |
103| **Stability** | Zero crashes or disconnects |
104| **Credential Security** | All logins encrypted, auto-wiped |
105| **Productivity Gain** | 10x faster than manual browser work |
106 
107This isn't just a security enhancement - it's a **reliable workhorse** for AI-assisted browser automation. When you need Claude to interact with web apps for extended sessions, this MCP delivers.
108 
109---
110 
111## Security Features
112 
113### Core Security (v2.1.0)
114 
115| Feature | Description |
116|---------|-------------|
117| **Post-Quantum Encryption** | ML-KEM-768 + ChaCha20-Poly1305 hybrid |
118| **Secure Credential Vault** | Encrypted at rest, auto-wiped from memory |
119| **Memory Scrubbing** | Zeros sensitive data after use |
120| **Audit Logging** | Tamper-evident logs with hash chains |
121| **Profile Isolation** | Dedicated Chrome profile for secure sessions |
122| **Log Sanitization** | Credentials masked in all output |
123| **Rate Limiting** | 100 requests per minute per operation |
124| **Input Validation** | CSS selector sanitization, URL validation |
125 
126### Advanced Security Modules (v2.2.0+)
127 
128| Module | Description |
129|--------|-------------|
130| **Secrets Scanner** | Detects 25+ credential patterns (AWS, GitHub, Slack, OpenAI keys, private keys, JWTs, credit cards, SSNs) |
131| **Response Validator** | Prompt injection detection (15 patterns), suspicious URL blocking, encoded payload detection |
132| **Session Manager** | Credential session lifecycle with 8h max lifetime and 30min inactivity timeout |
133| **MCP Authentication** | Token-based auth with auto-generation, SHA256 hashing, brute-force lockout |
134| **Certificate Pinning** | SPKI-style pinning for Google, GitHub, Microsoft, Anthropic, OpenAI domains |
135| **Screenshot Redaction** | Auto-redacts password fields, credit cards, CVV, SSN, API keys in screenshots |
136| **Cross-Platform Permissions** | Secure file permissions on Linux, macOS, and Windows (icacls) |
137 
138### Post-Quantum Ready
139 
140Traditional encryption will be broken by quantum computers. This fork uses **hybrid encryption**:
141 
142```
143ML-KEM-768 (Kyber) + ChaCha20-Poly1305
144```
145 
146- **ML-KEM-768**: NIST-standardized post-quantum key encapsulation
147- **ChaCha20-Poly1305**: Modern stream cipher (immune to timing attacks)
148 
149Even if one algorithm is broken, the other remains secure.
150 
151### Why Post-Quantum Now?
152 
153| Timeline | Threat |
154|----------|--------|
155| **2024-2030** | "Harvest now, decrypt later" attacks - adversaries collecting encrypted data today |
156| **2030-2035** | Early cryptographically-relevant quantum computers expected |
157| **2035+** | Current RSA/ECC encryption potentially broken |
158 
159Your browser credentials stored today could be decrypted in 10 years. This fork protects against that future threat **now**.
160 
161---
162 
163## Docker Deployment
164 
165**Recommended for production environments.**
166 
167```bash
168# Clone and start
169git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
170cd chrome-mcp-secure
171docker-compose up -d
172```
173 
174### Production Configuration
175 
176```bash
177# Copy example config
178cp env.example .env
179 
180# Edit for your environment
181vim .env
182 
183# Start with custom config
184docker-compose up -d
185```
186 
187### Key Environment Variables
188 
189```bash
190# SIEM Integration
191COMPLIANCE_LOG_FORMAT=cef              # cef, syslog, jsonl, json
192SYSLOG_HOST=siem.company.com           # Remote syslog server
193SYSLOG_PORT=514
194 
195# Encryption (REQUIRED for production)
196CHROME_MCP_ENCRYPTION_KEY=$(openssl rand -base64 32)
197 
198# Session Security
199CHROME_MCP_SESSION_MAX_LIFETIME=28800000   # 8 hours
200CHROME_MCP_SESSION_INACTIVITY=1800000      # 30 minutes
201```
202 
203### Log Collection
204 
205Logs are written to `./logs/compliance/` in your chosen format:
206 
207```bash
208# View compliance logs
209tail -f logs/compliance/compliance-2025-12-16.cef
210 
211# Forward to Splunk via syslog
212docker-compose logs chrome-mcp | nc -u siem.company.com 514
213```
214 
215See [env.example](./env.example) for all configuration options.
216 
217---
218 
219## Installation
220 
221### One-Command Setup (Recommended)
222 
223**Linux / macOS:**
224```bash
225git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
226cd chrome-mcp-secure
227./setup.sh
228```
229 
230**Windows (PowerShell):**
231```powershell
232git clone https://github.com/Pantheon-Security/chrome-mcp-secure.git
233cd chrome-mcp-secure
234.\setup.ps1
235```
236 
237This will:
2381. Install dependencies and build the project
2392. Register the MCP server with Claude Code
2403. Start Chrome with remote debugging
2414. Create an isolated Chrome profile
242 
243### Manual Setup
244 
245```bash
246npm install && npm run build
247claude mcp add chrome-mcp-secure --scope user -- node /path/to/chrome-mcp-secure/dist/index.js
248google-chrome --remote-debugging-port=9222 --user-data-dir=~/.chrome-mcp-profile
249```
250 
251### Platform-Specific Notes
252 
253| Platform | Setup Script | Chrome Profile Location |
254|----------|--------------|------------------------|
255| Linux | `./setup.sh` | `~/.chrome-mcp-profile` |
256| macOS | `./setup.sh` | `~/.chrome-mcp-profile` |
257| Windows | `.\setup.ps1` | `%USERPROFILE%\.chrome-mcp-profile` |
258 
259---
260 
261## Quick Start
262 
263### 1. Start Chrome with debugging
264```bash
265./setup.sh --start-chrome
266```
267 
268### 2. Use in Claude Code
269```
270"Check Chrome connection with health tool"
271"Navigate to https://example.com"
272"Take a screenshot"
273```
274 
275### 3. Secure Login Flow
276```
277"Store a credential for my GitHub account"
278"Navigate to github.com/login"
279"Use secure_login with the stored credential"
280```
281 
282---
283 
284## Available Tools
285 
286### Browser Automation (15 tools)
287 
288| Tool | Description |
289|------|-------------|
290| `health` | Check Chrome connection and version |
291| `navigate` | Navigate to URL |
292| `get_tabs` | List all Chrome tabs |
293| `click_element` | Click element by CSS selector |
294| `click` | Click at coordinates |
295| `type` | Type text at cursor |
296| `get_text` | Extract text from element |
297| `get_page_info` | Get URL, title, interactive elements |
298| `get_page_state` | Get scroll position, viewport size |
299| `scroll` | Scroll to coordinates |
300| `screenshot` | Capture page screenshot |
301| `wait_for_element` | Wait for element to appear |
302| `evaluate` | Execute JavaScript |
303| `fill` | Fill form field |
304| `bypass_cert_and_navigate` | Navigate with HTTPS cert bypass |
305 
306### Secure Credential Tools (7 tools)
307 
308| Tool | Description |
309|------|-------------|
310| `store_credential` | Store encrypted login credentials |
311| `list_credentials` | List stored credentials (no passwords shown) |
312| `get_credential` | Get credential metadata |
313| `delete_credential` | Remove a stored credential |
314| `update_credential` | Update an existing credential |
315| `secure_login` | Auto-fill login forms using stored credentials |
316| `get_vault_status` | Check vault encryption status |
317 
318---
319 
320## Secure Credential Usage
321 
322### Storing Credentials
323 
324```
325Store a credential for my Google account:
326- Name: "Google Work"
327- Type: google
328- Email: me@example.com
329- Password: mypassword123
330- Domain: google.com
331```
332 
333### Using Credentials for Login
334 
335```
3361. Navigate to https://accounts.google.com
3372. Use secure_login with the credential ID from list_credentials
338```
339 
340The `secure_login` tool will:
341- Retrieve and decrypt the credential from the vault
342- Auto-fill the username/email field
343- Auto-fill the password field
344- Click the submit button
345- Wipe credentials from memory after use
346 
347---
348 
349## What Gets Protected
350 
351| Data | Protection |
352|------|------------|
353| Login credentials | Post-quantum encrypted at rest |
354| Passwords in memory | Auto-wiped after 5 min TTL |
355| Log output | Credentials auto-masked |
356| Chrome profile | Isolated from default browser |
357| Audit trail | Hash-chained for tamper detection |
358 
359---
360 
361## Configuration
362 
363### Environment Variables
364 
365```bash
366# Chrome connection
367CHROME_HOST=localhost
368CHROME_PORT=9222
369CHROME_PROFILE_DIR=~/.chrome-mcp-profile
370 
371# Encryption (recommended for production)
372CHROME_MCP_ENCRYPTION_KEY=<base64-32-bytes>
373CHROME_MCP_USE_POST_QUANTUM=true
374 
375# Credential vault
376CHROME_MCP_CONFIG_DIR=~/.chrome-mcp
377CHROME_MCP_CREDENTIAL_TTL=300000  # 5 minutes
378 
379# Logging
380LOG_LEVEL=info
381AUDIT_LOGGING=true
382```
383 
384### Generate Strong Encryption Key
385 
386```bash
387openssl rand -base64 32
388```
389 
390See [SECURITY.md](./SECURITY.md) for complete configuration reference.
391 
392---
393 
394## Security Architecture
395 
396### Encryption
397 
398```
399                    ┌─────────────────────────────────────┐
400                    │      ML-KEM-768 Key Pair            │
401                    │   (Post-Quantum Key Encapsulation)  │
402                    └─────────────────┬───────────────────┘
403                                      │
404                    ┌─────────────────┴───────────────────┐
405                    │      ChaCha20-Poly1305              │
406                    │   (Symmetric AEAD Encryption)       │
407                    └─────────────────┬───────────────────┘
408                                      │
409                    ┌─────────────────┴───────────────────┐
410                    │      Encrypted Credential Files     │
411                    │   ~/.chrome-mcp/credentials/*.pqenc │
412                    └─────────────────────────────────────┘
413```
414 
415### Memory Protection
416 
417- **SecureCredential class**: Auto-wipes credentials after TTL (5 min default)
418- **Zero-fill buffers**: Random overwrite + zero fill prevents memory dumps
419- **No credential logging**: Automatic masking of sensitive field names
420 
421### Why ChaCha20-Poly1305 over AES-GCM?
422 
423| Property | ChaCha20-Poly1305 | AES-GCM |
424|----------|-------------------|---------|
425| Timing attacks | Immune (constant-time) | Vulnerable without AES-NI |
426| Software speed | Fast everywhere | Slow without hardware |
427| Complexity | Simple | Complex (GCM mode) |
428| Adoption | Google, Cloudflare TLS | Legacy systems |
429 
430---
431 
432## Management Commands
433 
434```bash
435# Full setup
436./setup.sh
437 
438# Check status
439./setup.sh --check
440 
441# Uninstall from Claude Code
442./setup.sh --uninstall
443 
444# Start/stop Chrome
445./setup.sh --start-chrome
446./setup.sh --stop-chrome
447```
448 
449---
450 
451## Architecture
452 
453```
454┌─────────────┐     ┌──────────────────┐     ┌─────────────┐
455│ Claude/     │────▶│  MCP Server      │────▶│   Chrome    │
456│ AI Agent    │     │  (This Fork)     │     │   (CDP)     │
457└─────────────┘     └──────────────────┘     └─────────────┘
458                           │
459                    ┌──────┴──────┐
460                    │  Security   │
461                    │   Layers    │
462                    └─────────────┘
463                    • PQ Encryption
464                    • Credential Vault
465                    • Memory Wipe
466                    • Audit Logs
467                    • Rate Limits
468                    • Input Validation
469```
470 
471---
472 
473## File Structure
474 
475```
476chrome-mcp-secure/
477├── src/
478│   ├── index.ts              # MCP server entry point
479│   ├── cdp-client.ts         # Persistent CDP WebSocket client
480│   ├── tools.ts              # Browser automation tools
481│   │
482│   │── # Core Security (v2.1.0)
483│   ├── credential-vault.ts   # Encrypted credential storage
484│   ├── credential-tools.ts   # Credential MCP tools
485│   ├── crypto.ts             # Post-quantum encryption (ML-KEM-768 + ChaCha20)
486│   ├── secure-memory.ts      # Memory protection utilities
487│   ├── security.ts           # Input validation, rate limiting
488│   ├── logger.ts             # Logging with auto-masking
489│   ├── errors.ts             # Typed error classes
490│   │
491│   │── # Advanced Security Modules (v2.2.0+)
492│   ├── secrets-scanner.ts    # Credential leak detection (25+ patterns)
493│   ├── response-validator.ts # Prompt injection detection
494│   ├── session-manager.ts    # Session lifecycle management
495│   ├── mcp-auth.ts           # Token-based MCP authentication
496│   ├── cert-pinning.ts       # Certificate pinning for sensitive domains
497│   ├── screenshot-redaction.ts # Auto-redact sensitive fields
498│   └── file-permissions.ts   # Cross-platform secure file permissions
499│
500├── dist/                     # Compiled JavaScript
501├── setup.sh                  # Linux/macOS setup
502├── setup.ps1                 # Windows setup
503├── SECURITY.md               # Security documentation
504├── CHANGELOG.md              # Version history
505├── CLAUDE.md                 # Claude Code integration guide
506└── README.md
507```
508 
509---
510 
511## Comparison with Original
512 
513| Feature | [lxe/chrome-mcp](https://github.com/lxe/chrome-mcp) | This Fork |
514|---------|----------|-----------|
515| Chrome automation | ✅ | ✅ |
516| Persistent WebSocket | ✅ | ✅ |
517| Cross-platform | ✅ | ✅ |
518| **Post-quantum encryption** | ❌ | ✅ |
519| **Secure credential vault** | ❌ | ✅ |
520| **Memory scrubbing** | ❌ | ✅ |
521| **Audit logging** | ❌ | ✅ |
522| **Auto log masking** | ❌ | ✅ |
523| **Profile isolation** | ❌ | ✅ |
524| **Secrets scanner** | ❌ | ✅ |
525| **Prompt injection detection** | ❌ | ✅ |
526| **Session management** | ❌ | ✅ |
527| **MCP authentication** | ❌ | ✅ |
528| **Certificate pinning** | ❌ | ✅ |
529| **Screenshot redaction** | ❌ | ✅ |
530 
531---
532 
533## What's New in v2.2.x
534 
535### v2.2.1 - Cross-Platform File Permissions
536- All file operations use centralized `file-permissions.ts`
537- Proper Windows ACL support via `icacls`
538- Consistent 0o700/0o600 permissions on Unix
539 
540### v2.2.0 - Advanced Security Modules
541Six new security modules totaling **3,000+ lines** of security hardening:
542 
5431. **Secrets Scanner** - Detects leaked credentials in page content using patterns from TruffleHog, GitLeaks, and MEDUSA
5442. **Response Validator** - Blocks prompt injection attacks in scraped content
5453. **Session Manager** - Auto-expires credential sessions after configurable timeouts
5464. **MCP Authentication** - Protects the MCP server itself with token-based auth
5475. **Certificate Pinning** - Validates TLS certificates for sensitive domains
5486. **Screenshot Redaction** - Overlays sensitive fields before screenshots
549 
550See [CHANGELOG.md](./CHANGELOG.md) for full version history.
551 
552---
553 
554## Troubleshooting
555 
556### Chrome not accessible
557```bash
558curl http://localhost:9222/json
559# If no response, start Chrome:
560./setup.sh --start-chrome
561```
562 
563### Credential decryption fails
5641. Check if you changed machines (machine-derived key won't work)
5652. Set `CHROME_MCP_ENCRYPTION_KEY` to the same key used to encrypt
5663. Credentials may need to be re-stored if key is lost
567 
568### Element not found
569```
570Use get_page_info to see available elements
571Use wait_for_element for dynamic content
572```
573 
574---
575 
576## Development
577 
578```bash
579# Install dependencies
580npm install
581 
582# Development mode (auto-reload)
583npm run dev
584 
585# Type checking
586npm run typecheck
587 
588# Build for production
589npm run build
590 
591# Run built version
592npm start
593```
594 
595---
596 
597## Reporting Vulnerabilities
598 
599Found a security issue? **Do not open a public GitHub issue.**
600 
601Email: support@pantheonsecurity.io
602 
603---
604 
605## Credits
606 
607- **Original Chrome MCP**: [lxe](https://github.com/lxe) - [chrome-mcp](https://github.com/lxe/chrome-mcp)
608- **Security Hardening**: [Pantheon Security](https://github.com/Pantheon-Security)
609- **Security Patterns**: Adapted from [notebooklm-mcp-secure](https://github.com/Pantheon-Security/notebooklm-mcp-secure)
610- **Post-Quantum Crypto**: [@noble/post-quantum](https://www.npmjs.com/package/@noble/post-quantum)
611 
612## License
613 
614MIT - Same as original.
615 
616---
617 
618<div align="center">
619 
620**Security hardened by [Pantheon Security](https://github.com/Pantheon-Security)**
621 
622[Full Security Documentation](./SECURITY.md) • [Report Vulnerability](mailto:support@pantheonsecurity.io)
623 
624</div>
625

Full transparency — inspect the skill content before installing.