web-browser

SUSPICIOUS. The skill is broadly consistent with its stated purpose of real-browser automation, but it grants high-impact control over the user's actual Chrome session, including authenticated browsing, uploads, arbitrary DOM JS, and optional third-party content routing through Jina. Official package-manager installs for Node reduce supply-chain concern, yet the local proxy/check script remains unverifed from the provided evidence. Overall this is a high-capability but purpose-aligned skill with meaningful security risk, not confirmed malware.