browser

The documented package is a small, plausible browser automation/scraping helper. Primary security concerns are: (1) explicit guidance to reuse a real Chrome profile (--profile), which exposes session credentials to the automation context; and (2) arbitrary JavaScript evaluation in page context, which can read sensitive data and be used to exfiltrate it. No implementation code was provided, so I cannot rule out malicious network behavior or telemetry; inspect the actual scripts before use. Operational mitigations: avoid using --profile with untrusted code, run automation in ephemeral/isolated profiles or sandboxed environments, audit the scripts for outbound network calls and logging, and check package postinstall hooks and dependency list.