browse
Audited by Socket on May 20, 2026
3 alerts found:
Anomaly (x3), SUSPICIOUS. The core browsing capability is legitimate and the main installer evidence is same-org/official, but this skill’s actual footprint is much broader than browser QA: it performs telemetry, artifact sync, config management, CLAUDE.md injection, and potential git commits. That scope creep makes it internally inconsistent and medium risk rather than clearly benign.
No clear evidence of intentional malware (no reverse shell, cryptomining, hardcoded malicious domains, or direct host data exfiltration) in this fragment. The highest security concerns are (1) stealth/anti-detection script injection and (2) dynamic loading of a Chromium extension from filesystem paths/environment inputs, plus (3) persisting an auth token to disk. These behaviors can be legitimate for an automation tool, but they significantly increase impact if an attacker can influence extension paths/state inputs or intercept persisted artifacts.
This module is not performing technical exfiltration by itself (no JavaScript/network actions), but it embeds multiple high-risk social-engineering and instruction-injection payloads—including hidden credential-exfiltration instructions and malicious aria-label directives referencing external attacker-controlled domains. Treat the page as hostile content that poses a prompt-injection/credential-theft risk during rendering or automated consumption; review/sanitize untrusted HTML and neutralize or remove embedded external instructions.