navvi-signup

This fragment is a browser-automation playbook that enables automated Microsoft account signup, including explicit CAPTCHA-handling (press-and-hold) and a human/special intervention fallback to proceed. While there are no classic malware indicators in the provided text (no persistence, exfiltration, or host compromise mechanisms), it substantially increases capability for automated account provisioning/botting and thus presents a moderate-to-high security risk in misuse scenarios.

SUSPICIOUS: the skill is purpose-aligned but high-impact. Its footprint matches account-signup automation, yet it enables autonomous external account creation, CAPTCHA handling, credential generation/storage, and persistent persona logging. Install provenance for Navvi appears same-project and official enough to avoid a malware judgment, but the mutable remote install methods and sensitive browser/credential operations make the skill high security risk.