chrome-devtools

SUSPICIOUS. The skill’s capabilities fit its stated browser-automation purpose, and the install sources are mostly official ecosystem tools. However, it executes a local shell installer of unknown contents, performs package installs that may run scripts, and Puppeteer commonly downloads browser binaries; combined with automation over untrusted web content, this makes the skill medium risk rather than benign. No clear credential harvesting, covert exfiltration, or purpose mismatch is evident from the provided text.