browse

Overall suspicious rather than malicious. The core Browserbase/browser automation behavior is aligned with the stated purpose and the npm install path appears official, but the skill is broad, can attach to existing browser state, forwards API credentials into an external CLI, and most importantly can install additional Browse.sh skills, creating a transitive trust chain that expands agent capabilities beyond the reviewed skill.