jsreverser-mcp-javascript-reverse-engineering

SUSPICIOUS/HIGH-RISK but not confirmed malware. The skill's capabilities are mostly aligned with its reverse-engineering purpose, yet it gives an AI agent offensive browser-analysis powers, handles sensitive session/network data, forwards optional API keys to external code, and is installed from a GitHub repo whose relationship to the listed skill publisher is unclear.