opencli

SUSPICIOUS. The skill is largely coherent with its stated purpose, but it introduces a high-trust third-party execution layer that can reuse authenticated browser sessions, control apps, and proxy to other CLIs. The npm install path looks plausible rather than overtly malicious, yet the combination of browser permissions, localhost bridge, and passthrough behavior makes this a medium-to-high security risk skill rather than a benign low-risk guide.