visual-diff

SUSPICIOUS: the core behavior matches a visual diff skill, but its footprint is broader than necessary because it installs/executes unpinned npm tooling, opens remote-debug Chrome, and chains multiple unreviewed sub-skills. Data flow is mostly local and proportionate, with no clear credential harvesting or exfiltration, so this is not malicious; the main concern is medium supply-chain and transitive trust risk.