extract-design

SUSPICIOUS: the core capability matches the stated purpose and the npm install path appears official, but the skill goes beyond simple design analysis by emphasizing anti-bot evasion and competitor reverse-engineering on arbitrary websites. No clear credential harvesting or malicious exfiltration is described, so this is not malware, but it carries medium security risk due to broad web access and stealthy browsing behavior.