authenticated-web-scraper
Audited by Socket on Mar 14, 2026
2 alerts found:
Anomaly x2
This script is not obviously malware by itself, but it performs dangerous operations: forcefully terminating Edge, launching Edge with remote debugging bound to 0.0.0.0 and remote origins allowed, and querying the DevTools endpoint. Exposing the DevTools Protocol to all network interfaces without access controls can permit remote control of the browser and lead to session hijacking, code execution in pages, and data exposure. Treat this code as risky: only run in isolated, trusted environments (local, non-networked, or properly firewalled) and avoid using --remote-debugging-address=0.0.0.0 / --remote-allow-origins=* on machines reachable by untrusted networks. If included in a package, document and warn users clearly; consider changing to bind to localhost only or require explicit opt-in.
SUSPICIOUS: The skill is internally aligned with authenticated web scraping and uses official Microsoft CDP mechanisms, so it is not fundamentally malicious. However, it enables broad access to the user's logged-in browser session, opens Edge remote debugging on 0.0.0.0 with permissive origin settings, force-kills/relaunches Edge, and installs an unpinned third-party npm package. These behaviors are proportionate to the purpose but create meaningful local security risk and access to sensitive internal content.