agent-browser

This skill is coherent with its stated purpose and uses an official same-project CLI, so it is not malware. However, it gives an AI agent broad, mostly unrestricted browser power over arbitrary sites, credentials, local state, and untrusted web content; with wildcard Bash invocation and optional-only safety controls, the overall risk is medium-high and best classified as suspicious rather than benign.