smooth-browser

SUSPICIOUS: The skill is broadly aligned with its stated purpose and uses an official-looking PyPI package from the same org, so it is not overtly malicious. However, it grants a third-party browser automation service access to API credentials, uploaded local files, browsing sessions, persistent cookies, and potentially sensitive authenticated workflows; combined with autonomous web actions and arbitrary-site browsing, this creates meaningful security risk even though the data flows appear vendor-consistent rather than deceptive.