smart-shopper

SUSPICIOUS: the core browsing, extraction, and local caching are broadly aligned with product research, but the skill increases trust exposure by instructing transitive skill installation and processing untrusted web content with write/exec capabilities. No clear credential theft or exfiltration endpoint is present, so this is not malicious, but it carries medium risk.