browser-cdp

SUSPICIOUS: the stated browser-automation purpose matches the capabilities, but the skill’s core trust boundary is an unverifiable local proxy script and it grants high-impact browser control over arbitrary web content. No obvious credential-harvesting endpoint is shown, yet the combination of real-browser actions, arbitrary JS execution, and untrusted web content makes this a high-risk skill rather than a benign low-risk guide.