ptc-orchestration
Audited by Socket on Feb 18, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

No explicit malicious code is visible in the provided documentation fragment. The dominant security risk arises from the high-privilege capabilities the skill requests (Anthropic code_execution combined with MCP browser orchestration) and from unspecified trust boundaries for MCP servers. Treat this package as potentially risky until you: (1) inspect the actual implementation for network endpoints or hidden uploads, (2) verify MCP servers are local/trusted, (3) restrict code_execution scope and allowed callers, and (4) prefer reproducible installation provenance (signed releases/checksums). Use caution: not confirmed malicious but capable of data exposure if misconfigured.

LLM verification: The skill's features are consistent with its stated purpose (multi-URL scraping and browser orchestration) and there is no direct evidence of malicious code or obfuscation in the provided text. However, the skill enables high-risk capabilities (agent code execution + control of MCP browser servers) that, if combined with untrusted inputs or an untrusted MCP endpoint, could lead to arbitrary code execution or data exfiltration. Recommend treating the package as sensitive: audit the local package