reflex-browser

SUSPICIOUS: the skill’s capabilities fit its stated browser-automation purpose, and the Gitea registry setup is internally consistent, but the install path depends on a private token-authenticated package with limited public provenance. Main risk is supply-chain/install trust and the broad power of browser automation, not clear malicious behavior or credential harvesting.