auto-perf-optimize

The skill is largely coherent with its stated VS Code performance-investigation purpose, but it carries meaningful security risk because it operates a real authenticated editor on the user's machine, can trigger real tool/file actions, and includes an unpinned third-party `npx agent-browser` execution path. This looks more like a legitimate but medium-risk automation skill than a credential-harvesting or overtly malicious one.