electrobun-window-management

[Skill Scanner] [Documentation context] Credential file access detected This skill is coherent with its stated purpose and contains no obvious malicious code or supply-chain download-execute patterns. Primary security concerns are expected: loading arbitrary remote URLs into BrowserView and exposing generic inter-window RPC/broadcast APIs. These increase the attack surface and require runtime controls (origin validation, RPC authorization, content sandboxing). No credential harvesting, obfuscated code, or external command execution was found. LLM verification: [LLM Escalated] This skill appears functionally correct for window/view management and does not contain obvious obfuscated or explicitly malicious code (no remote installers, hardcoded credentials, or shell execution). The primary security concern is the RPC/broadcast patterns that forward arbitrary method calls between windows and the loading of arbitrary URLs into BrowserViews without shown sandboxing — together these create a high-risk abuse path if untrusted content or untrusted window IDs are used. Overall