browser-cash

SUSPICIOUS. The skill is internally coherent for remote browser automation and its main network/data flows go to official Browser.cash endpoints, so it is not clearly malicious. However, it is higher-risk than a normal browser helper because it explicitly supports anti-bot bypass, installs unpinned packages at runtime, reads a raw API key from local config, and combines arbitrary web content with exec-based automation.