zhongwei/gh-whamp-whamp-claude-tools-browser-tools-plugin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
89c3c1ab83de2f661b52b0aa0aab22754df71b9a
gh-whamp-whamp-claude-tools…/skills/browser-tools/references/04-security.md
Zhongwei Li 89c3c1ab83 Initial commit
2025-11-30 09:05:55 +08:00

8 lines
881 B
Markdown
Raw Blame History

## Security Guidelines
- **Profiles**: Using `--profile` clones your default Chrome profile into `~/.cache/browser-tools/profile-<port>`. Remove the directory after sensitive sessions or reuse `close.js` which leaves the copy on disk for next runs.
- **Credentials**: Exported cookie JSON files may contain session tokens. Store them outside version control and delete when no longer needed.
- **JavaScript execution**: Only evaluate trusted code. Prefer passing scripts via `--file` to keep complex payloads auditable.
- **Remote endpoints**: When targeting remote Chrome instances with `--ws`, ensure the connection is tunneled (SSH, VPN) because the DevTools protocol provides full browser access.
- **Force shutdown**: `close.js --force` uses process termination (`pkill`/`taskkill`). Verify no unrelated Chrome sessions share the same user data directory before invoking it.
Reference in New Issue View Git Blame Copy Permalink