web-shader-extractor

SUSPICIOUS. The core purpose is coherent with browser automation and page analysis, but the skill’s footprint is broader than necessary because it mandates silent autonomous installs and uses risky supply-chain patterns. Official sources reduce malware confidence, yet unverified download/extract behavior, unpinned Playwright installation, and optional third-party mirror routing make this a high security-risk skill rather than a benign documentation workflow.