dev-scan

SUSPICIOUS: the research purpose is legitimate, and most API/data flows fit that purpose, but the skill’s footprint is not fully proportionate because it relies on an unverifiable external `chromux` binary and combines untrusted-content ingestion with bash/file capabilities. Product Hunt token use is expected, but the opaque browser tool makes install trust the dominant risk.