scrape-webpage
Audited by Socket on Feb 16, 2026
1 alert found:
Malware
Based on the provided skill documentation (no source code), the described capabilities align with its purpose (webpage scraping + asset download/cleanup) and installations reference expected official tools. There are no explicit malicious indicators in this description (no hardcoded keys, no unknown remote endpoints, no obfuscation). However, loading arbitrary remote pages in a headless browser and executing conversion helpers (Sharp) increases attack surface in expected ways; the real security posture depends on the omitted analyze-webpage.js and helper scripts. If those scripts sanitize output paths, avoid sending data to third-party domains, and do not collect credentials or browser state, the skill is benign for the stated use. Without inspecting the actual implementation, there remains moderate residual risk.