jira-browser-fetch

SUSPICIOUS. The skill's core behavior—using Chrome DevTools to extract authenticated Jira session cookies and fetch data—is sensitive and inherently medium risk, but it is internally consistent with its stated SSO/Jira fallback purpose, uses official/local components, and does not route data or credentials to unrelated third parties. Main concerns are browser-session credential access, broad archival of confidential Jira content, and processing untrusted fetched content; there is no strong evidence of malware or credential harvesting beyond the declared local Jira-fetch workflow.

No explicit indicators of malware or overtly malicious behavior are present in the provided snippet because it is documentation describing a legitimate browser-authenticated Jira fetch workflow. The primary security concern is the high-privilege handling of live SSO cookies via Chrome remote debugging and the potential for session mix-ups when reusing shared DevTools ports/profiles. Because the actual script implementation and referenced dependencies are not included, enforcement of network/file-path safety controls cannot be verified, leaving moderate residual security risk.