github-stars-organizer

SUSPICIOUS: The stated purpose matches the behavior—organizing GitHub stars via browser automation—but the skill's trust model is weakened by its dependency on a separate third-party `chrome-cdp` skill from a personal GitHub repo and by requiring Chrome remote debugging over an authenticated browser session. No clear credential-harvesting or exfiltration path is stated, so this is not confirmed malware, but it carries meaningful security risk from transitive trust and broad browser control.