setup-browser-cookies

SUSPICIOUS. The core cookie-import behavior is plausible and mostly local, and the Bun install path appears official and checksum-verified. But the skill is wrapped in a broad gstack control plane that can log telemetry, sync artifacts, modify project files, and make git commits, which is disproportionate to a browser-cookie setup task and weakens trust boundaries.