dev-browser

SUSPICIOUS. The skill's capabilities largely match its browser-automation purpose, but extension mode and arbitrary website control give the agent high-impact access to authenticated sessions and untrusted web content. No clear credential theft or covert exfiltration is described, yet the combination of browser automation, scraping, and live-session control makes this a medium-to-high security risk skill.