unbrowse

The Unbrowse skill description demonstrates capabilities (browser-based API discovery, extraction, and sharing of discovered schemas) that are coherent with its stated goal of analyzing websites and turning findings into reusable skills. However, several security concerns are present: it reads browser cookies (potential credential/session data) and stores/reuses them; it may transmit or publish API structures to a collective registry; it exposes a local REST API and browser-based automation that can function without explicit per-action user consent. These patterns indicate elevated data-exposure and supply-chain risks, particularly around credential leakage, data exfiltration, and autonomous actions. Overall, the footprint is suspicious to high-risk rather than clearly benign, and should be treated as a security risk requiring strong governance, explicit user consent, minimized data handling, and hardened authentication/isolation for local services.