playwright

SUSPICIOUS: the core browser-automation behavior is coherent, but the install path relies on an archived/legacy Playwright CLI package with unpinned npm execution, and the skill also reaches into local env/Keychain credentials for a product-specific login flow. No clear credential exfiltration or malicious redirection is shown, so this is not confirmed malware.