chrome-devtools

Based on the provided skill manifest and usage documentation, the package appears functionally consistent and its capabilities align with its stated purpose (Puppeteer-based browser automation). There are no explicit signs of obfuscated code, hardcoded secrets, or third-party credential-harvesting endpoints in this description. However, the capability to execute arbitrary JavaScript in pages, submit forms, and run a local install-deps.sh script are legitimate features that carry significant operational risk if used on sensitive targets or if the helper scripts themselves are malicious. I recommend auditing the contents of ./scripts/* and install-deps.sh and reviewing package.json and node_modules lifecycle scripts before installing or running in a privileged environment. Overall: likely benign in purpose but operationally sensitive; treat as suspicious until the actual scripts are audited.