profile-website-bot-detection
Audited by Socket on Mar 3, 2026
1 alert found:
Security
This skill is a documentation/automation recipe for profiling websites against bot-detection vendors using the Kernel remote browser service. It is internally consistent: the capabilities (creating stealth vs normal browsers, collecting network/cookie/header evidence, saving reports/screenshots) match the stated purpose. The primary security considerations are operational: it requires a sensitive KERNEL_API_KEY which will be used to create remote sessions (credential forwarding to the Kernel service is expected but high-value), and it stores full network captures and screenshots locally which can include sensitive data. There are no direct download-and-execute instructions, no obfuscated code, and no explicit exfiltration to attacker-controlled hosts in the provided text. Overall risk depends mostly on protecting the Kernel API key and handling the output artifacts safely. Recommended mitigations: protect and rotate KERNEL_API_KEY, run analysis in a controlled environment, review saved reports before sharing, and limit Kernel account permissions if possible.