browser-tools

No explicit malicious code is visible in the README text; however, the documented capabilities (arbitrary JS execution, cookie export including httpOnly, copying and launching with a user's Chrome profile) are high-risk features that can be abused to exfiltrate credentials or other sensitive data. Treat the package as sensitive: audit its implementation and dependencies before use, avoid running it with real user profiles in untrusted contexts, and add safeguards (prompts, logging, access control) where possible.