native-devtools-mcp-automation

SUSPICIOUS: The skill’s capabilities mostly match its stated purpose as a native/browser/device automation MCP server, but its footprint is very powerful: screen capture, accessibility access, browser/device control, CDP eval, and optional wildcard auto-approval. Install paths are mostly standard and same-project, though publisher identity is not clearly verifiable and `npx -y` is unpinned. No clear credential theft or exfiltration endpoint is shown, so this is not confirmed malware, but it is a high-risk automation skill whose permissions and action scope can cause significant real-world impact.