chrome-cdp-live-browser

SUSPICIOUS. The skill's capabilities match its stated purpose, but that purpose is inherently high-impact: it gives an AI agent broad control over the user's live authenticated browser session. Data flows stay local to Chrome rather than an obvious exfiltration endpoint, so this is not confirmed malware, but the combination of third-party git installation, access to logged-in accounts, cookie/raw CDP visibility, and action-taking in real sessions makes it high risk.