creative-review

SUSPICIOUS. The core capabilities fit a creative-review skill, and ffmpeg/yt-dlp usage is proportionate to frame extraction and comparison. The main concern is install trust: the documented npm package for agent-browser appears inconsistent with official upstream ownership/docs, and the multi-skill dependency chain broadens trust. No clear credential harvesting, secret-file access, exfiltration endpoint, or malicious payload execution is present in the provided skill.