tabz-browser

This fragment describes a high-capability browser automation interface. Its main security concern is the explicit ability to execute arbitrary JavaScript in the page context, alongside mechanisms to input sensitive-looking data, click UI elements, extract DOM content, and capture screenshots. However, the snippet provides no concrete evidence of malicious intent (no domains/requests, persistence, or system-level actions). Treat as potentially high risk if untrusted callers can access these primitives or if sandboxing/permission checks are weak; otherwise, it may be used safely for controlled automation/testing.

SUSPICIOUS: the skill’s capabilities mostly match its browser-automation purpose, but it grants a wide action surface over arbitrary web content and sensitive browser state. No direct malware or credential-harvesting endpoint is shown, yet the combination of live browser control, cookies/network inspection, and implicit third-party MCP tooling makes this a medium-risk skill that should only run with tight user oversight.