web-research-assistant

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill's documented behavior (forwarding user queries and an API key to the BrowserAct service) is consistent with a web-research assistant that relies on a third-party browsing/scraping service. No direct download-execute or obfuscated code is present in the provided documentation. The primary security concerns are: (1) forwarding of the BROWSERACT_API_KEY and potentially sensitive queries/content to an external provider (data exfiltration/privacy risk), and (2) explicit claims of bypassing captchas, paywalls, and geofencing which indicate functionality that can enable scraping, circumvention, and possible terms-of-service or legal violations. Because implementation code is not included, it's not possible to fully assess how credentials and content are handled (storage, logging, TLS validation). I rate this as not evidently malicious code but moderately risky: it centralizes data and credentials to a third party and advertises circumvention features that increase potential for misuse. Recommend reviewing the actual implementation to confirm endpoints, TLS behavior, logging/retention policies, and whether the skill transmits any additional local data beyond the API key and query.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Feb 28, 2026, 08:01 AM
Package URL: pkg:socket/skills-sh/browser-act%2Fskills%2Fweb-research-assistant%2F@c143f2a9aaa7a217bef58216b2f161f00e3be85f