navvi-browse

SUSPICIOUS: the core browsing capability is coherent with the stated purpose, and the referenced Navvi tooling appears to come from the same publisher rather than an obvious third-party credential trap. The main risk is not covert malware but scope: autonomous browser control, credentialed login, persona-driven posting, and retention of screenshots/content create high account-impact and prompt-injection exposure. Installation trust is moderate due to same-org provenance, but raw GitHub installer usage and transitive skill installation add supply-chain risk.