opencli

SUSPICIOUS. The stated purpose matches social-site browsing/interaction, but the skill’s actual footprint is too broad and trust-poor: it relies on an unverifiable external CLI, uses the user’s authenticated Chrome session as implicit credentials, enables private-data access and public posting, and expands itself by generating new site scrapers. The main issue is not classic malware proof, but disproportionate account access and opaque third-party code handling sensitive session-derived data.