lazyweb-quick-references

SUSPICIOUS: the core purpose is coherent, but the skill’s execution trust is weak. It relies on unverifiable local browse binaries and transitive plugin/skill setup, while browsing untrusted web content with Bash/Write capability. I do not see clear credential theft or exfiltration, so this is high-risk/vulnerable rather than confirmed malware.