baoyu-danger-gemini-web
Audited by Socket on Mar 25, 2026
2 alerts found:
Anomaly / Malware
This module is designed to automate obtaining authenticated Google (Gemini) cookies by launching or attaching to Chrome via the DevTools Protocol, polling for session readiness, and persisting cookies to disk. The code does not contain obvious obfuscated malware, remote command/backdoor behavior, or calls to attacker-controlled endpoints. However, it performs sensitive actions: retrieving and storing authentication cookies and controlling a browser process. That behavior is high-risk from a credential-exposure perspective and could be misused to harvest credentials if used without explicit user consent. Recommend treating this component as sensitive: audit its use, ensure the user knows cookies will be extracted and stored, restrict access to the cookie cache file, and verify provenance of the package before use.
SUSPICIOUS. The skill's capabilities mostly match its stated purpose, and the Bun execution path appears official, but it depends on reverse-engineered Gemini web access and browser-cookie authentication instead of standard API flows. That makes the scope sensitive and higher risk than a normal official API integration, though there is no clear evidence of credential harvesting or off-platform exfiltration.